15 Jul, 2021

Hosting.com.tr Data Breach

CyberArts Cyber Security unit detected a threat actor on one of the dark web forums, claiming to have the user data of 'hosting.com.tr' and to sell them on this forum site, but for a while to publish it for free.

According to the Data Breach Notice published by the Personal Data Protection Authority on 13 July 2021;

In summary, in the personal data breach notification sent to the Institution by Webhosting Bilişim Teknolojileri AŞ, which has the title of data controller;

• On 09.07.2021, on a foreign site, the records of December 2020, which are thought to be data, were shared and a research was carried out by the data officer on the subject,

• As a result of the controls, it was determined that there was a leak on 27.12.2020, that the customer data was sent collectively to an IP address abroad on the relevant date in the log records and that the data leak occurred once,

• It is estimated that a leak has occurred due to a software vulnerability, but detailed investigation is ongoing,

• Identity, communication, customer transaction, finance and other categories of personal data affected by the breach (such as details of customers' services, e-mail contents containing some passwords related to services, identity related to domain name registrations with .tr extension, company documents, signature circular, tax plate, etc.) documents. There are 3027 credit card information due to accidentally leaving the log records open between November 15, 2020 and December 27, 2020,

• Due to the importance of credit card data, card numbers are determined at the first stage and reported to the payment institution,

• The number of people affected by the violation has not yet been determined,

• It has been stated that the groups of people affected by the violation are employees, users and customers/potential customers. Especially in IT companies, more and more data breaches are on the agenda. As can be seen from the decision, it was stated that the data breach occurred in the IT company was due to a software flaw, the leak occurred, and important information such as credit card information was also seized during the leak. At this point, we can actually conclude how important cyber security, precautions and measures are even for IT companies.

To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram