Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Turkey: KVKK announces İncirli Sağlık ve Sosyal Tesisler data breach
On September 10, 2024, the Personal Data Protection Authority (KVKK) disclosed a data breach, in Decision no. 2024/1565, involving İncirli Sağlık ve Sosyal Tesisler A.Ş. The KVKK highlighted that İncirli Sağlık ve Sosyal Tesisler had notified them of the breach, as required by Article 12(5) of the Law on Protection of Personal Data No. 6698.
The KVKK noted that the breach occurred by external intervention into the data controller's information system, deleting and destroying all data, including all registered applications, and destroying backups. The violation began on August 14, 2024, and ended on September 4, 2024. The group of people affected by the breach are employees and patients.
Moreover, the personal data categories affected by the breach are identity, communication, location, personnel, legal process, customer process, physical space security, health information, sexual life, biometric data, and genetic data categories. Since all records were deleted, the KVKK noted that it is not possible to know the number of personnel who have ever worked at the data controller and the number of outpatients and inpatients, but the number of people affected by the breach is estimated to be 1,000 or more.
You can read the press release, only available in Turkish, here.