In summary, in the data breach notification submitted to the Personal Data Protection Board by Alexion İlaç Ticaret Limited Şirketi, which is the data controller;
- The violation occurred between 13.02.2024-21.02.2024 and was detected on 05.05.2024,
- There was a cyber attack on the systems of eClinical Solutions LLC (data processor) from which the data controller receives services for clinical research,
- It has been determined that the data held on the data processor's sFTP server has been leaked by unauthorized person(s),
- Relevant groups of individuals affected by the breach; responsible investigators (HCP), research center staff, people assigned to the research study and clinical research participants/volunteers (subjects),
- A total of 607 people, including 150 clinical trial participants/volunteers, were affected by the violation,
- Personal data affected by the breach;
- For participants/volunteers participating in clinical research (all pseudonymised/coded); participant ID (keycoded identifier), study name, status, date of explicit consent, date of screen failure, random date, arm/cohort/startification, date of first dose, date of current dose, date of last dose, date of last visit, number of rescans , previous participant identification, age, gender, race, ethnicity, end of randomized period, reason for discontinuation of treatment, date of discontinuation of treatment, reason for discontinuation of study, date of discontinuation of study, study completed, date of study completion, date of death, SDVTier, participant identification, birth year, laboratory results, value within range, laboratory date, medications used, medical history information,
- For responsible investigators (HCP), research center staff, and people assigned to the research study; field personnel information, UserOID, login name, screen name, full name, user role, country, corporate contact information (address, e-mail, fax, phone, license number).
information is included.
Although the investigation on the issue continues, with the Decision of the Personal Data Protection Board dated 09.05.2024 and numbered 2024/759, it was decided to announce the data breach notification on the Authority's website.
Source of New: Public Announcement (Data Breach Notification)
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.