The Turkish Medical Association (TTB), a pivotal professional organization for physicians in Turkey, has allegedly suffered a significant data breach. The TTB, known formally as Turk Tabipleri Birligi, is the official body that sets professional and ethical standards for all practicing doctors in the country, holding the authority to issue disciplinary actions. All physicians in Turkey are required to be members of this Ankara-based association, making it a central institution in the nation’s healthcare system. A threat actor has claimed responsibility for the cyberattack, stating they exploited a vulnerability within the organization’s systems.
The breach has allegedly resulted in the exfiltration of a vast amount of sensitive information. The perpetrator claims to have obtained a 3 GB database containing the records of what they suggest is 90% of all doctors in Turkey, in addition to 6 GB of full source code, documents, and SSL certificates. A sample of the database shared online indicates the exposure of highly personal and professional details. A separate file containing member phone numbers was also allegedly leaked.
The compromised data allegedly includes a wide range of personally identifiable information (PII). Based on the evidence provided, the following data fields have been exposed:
- Turkish Identification Number
- Full Name
- Date and Place of Birth
- Gender
- Marital Status
- Blood Type
- Nationality
- Full Address Details
- Father’s and Mother’s Names
- Phone Numbers
- Membership and Registration Details
