Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Turkey: KVKK announces İncirli Sağlık ve Sosyal Tesisler data breach

On September 10, 2024, the Personal Data Protection Authority (KVKK) disclosed a data breach, in Decision no. 2024/1565, involving İncirli Sağlık ve Sosyal Tesisler A.Ş. The KVKK highlighted that İncirli Sağlık ve Sosyal Tesisler had notified them of the breach, as required by Article 12(5) of the Law on Protection of Personal Data No. 6698.

The KVKK noted that the breach occurred by external intervention into the data controller's information system, deleting and destroying all data, including all registered applications, and destroying backups. The violation began on August 14, 2024, and ended on September 4, 2024. The group of people affected by the breach are employees and patients.

Moreover, the personal data categories affected by the breach are identity, communication, location, personnel, legal process, customer process, physical space security, health information, sexual life, biometric data, and genetic data categories. Since all records were deleted, the KVKK noted that it is not possible to know the number of personnel who have ever worked at the data controller and the number of outpatients and inpatients, but the number of people affected by the breach is estimated to be 1,000 or more.

You can read the press release, only available in Turkish, here.