Having the title of data controller, Barçın Spor Malzemeleri Ticaret ve Sanayi A.Ş. In summary, in the data breach notification notified by the Personal Data Protection Authority ("Institution") and shared on the Authority's website on 22 June 2022;
- 187,930 that the data is obtained by third parties through middleware program used to convert the excel format file containing the personal data of the relevant person to csv format, span>
- The violation was learned through the news on a website,
- The contact groups affected by the breach are users and customers and potential customers,
- Personal data categories affected by the breach are identity (name, surname, gender), contact (phone number, e-mail address), customer transaction (customer ID) and other (date of joining the site) information,
- The customer IDs in the excel table, which were obtained by third parties, do not match the customer IDs in our data controller systems,
- The number of people affected by the violation is 187,930,
- It is stated that the relevant persons can get information through the call center, whatsapp support line, social media channels and e-mail address of the data controller.
Conclusion:
As seen in the aforementioned data breach notification; The need to pay attention to the security of the middleware programs used in data transfer, which is one of the necessary technical measures to ensure the security of the personal data processed, and the regular checking by taking other technical and administrative measures will help to detect and eliminate potential security weaknesses that may occur. These obligations, which must be complied with by data controllers, are of great importance in order to prevent any unjust treatment that may occur both on their behalf and on behalf of the persons whose data is processed.
