Paragraph (5) of article 12 of the Law on the Protection of Personal Data No. 6698, titled "Obligations regarding data security" "In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.” his decision is the authority.
In summary, in the data breach notification sent to KVKK on 26.08.2021 by Sinoz Kozmetik Sanayi Ticaret AŞ, which has the title of data controller;

• During the database update, customer information in the database is captured by leaking from the open port,
• The violation took place on 23.08.2021
• The violation was detected by examining the log records during the database scan after the update,
• The relevant group of persons affected by the breach are customers/prospects,
• 1,352,358 people were affected by the violation,
• The personal data affected by the breach is the name, surname, e-mail and mobile phone information of customers and potential customers,
• It has been stated that the relevant persons can request information about the data breach from the e-mail address [email protected].

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 26.08.2021 and numbered 2021/874, it was decided to announce the data breach notification on the Institution's website.

Another sector that has been affected by the increasing data breaches recently is the cosmetics sector. In particular, the increase in the number of e-commerce users day by day and the increase in the volume of personal data processed accordingly necessitated the urgent administrative and technical measures of the companies. In this way, institutions can prevent possible vulnerabilities before data breaches occur. It will be very useful to follow these actions by internalizing the personal data processing policies and procedures by all components.