Feb 202019

Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write:

Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller.

Article 12/1 of the Turkish Data Protection Law states the data controller shall take all necessary technical and organizational measures to provide a sufficient level of security. In addition, Article 12/5 of the Law obliges the data controller to notify the Board of Protection Personal Data (“Board“) as well as data subjects in case personal data is acquired through unlawful means by stating that “in case processed personal data are acquired by others through unlawful means, the data controller shall notify the data subject and the Board of such situation as soon as possible. The Board, if necessary, may declare such situation on its website or by other means which it deems appropriate.”

Read more on Mondaq.

h/t, @CampusCodi

Feb 202019

Cameron Houston and Anthony Colangelo report:

A cyber crime syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital and demanded a ransom.

The attack is now the subject of a joint investigation by Commonwealth security agencies.

Melbourne Heart Group, which is based at the private hospital in Malvern, has been unable to access some patient files for more than three weeks, after the malware attack crippled its server and corrupted data.

So this is a situation in which we might understand why an entity would pay the demanded ransom, but in this case, the ransom may have been paid but the data were reportedly corrupted when the entity went to decrypt.

Read more on The Age.

Feb 202019

Saheli Roy Choudhury reports:

Microsoft said hackers targeted European think tanks and non-profit organizations which often have contact with government officials.

The attacks were carried out late last year through phishing campaigns to steal employee credentials and deliver malware, the tech giant said in a blog post on Wednesday.

The company said it detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund through malicious websites and spoofed email addresses that looked legitimate.

Read more on CNBC.

Feb 192019

Gareth Corfield reports:

“Mr Love, you’re not the victim in this. You brought this on yourself; you’re the victim of your own decisions,” District Judge Margot Coleman told accused hacker Lauri Love in court today as she refused to return computers seized from him by the National Crime Agency.

Love, 34, had asked for the return of computers and peripherals taken from him by the National Crime Agency (NCA) when they raided his home in 2012. The Briton has been accused in the US of hacking a number of government agencies including NASA and the US Department of Energy.

He has not been charged in the UK. The US government tried and failed to extradite Love from the UK last year, with the Lord Chief Justice ruling: “Mr Love’s extradition would be oppressive by reason of his physical and mental condition”. Love has been diagnosed with an autism spectrum disorder.

Read more on The Register.  Love represented himself in this matter, and when you read what happened, it may serve as a reminder why people should retain counsel instead of trying to represent themselves.

Feb 192019

Jennie Russell reports:

Alberta’s privacy commissioner is investigating whether Alberta Health Services properly safeguards the public’s personal health information after CBC News revealed the electronic system housing it was vulnerable to outside security threats.

A 2018 assessment by an external security firm found several “significant risks” with the health authority’s administration of the Alberta Netcare Portal. The system gives health-care providers access to key information from a patient’s medical file, such as laboratory test results and hospital visits.

Read more on CBC.