Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the situation that the personal data processed by the data controller is seized by third parties unlawfully, as soon as possible by appropriate means and It has an obligation to notify the Board of Directors (“Board”).
In summary, in the data breach notification notified to the Personal Data Protection Authority (“Authority”) by Infomag Reklam ve Özel Dergisi Yayıncılık Hizmetleri Ticaret Anonim Şirketi, which has the title of data controller, and shared on the Institution’s website on October 14, 2022;
- “The data in the database of the website of the data controller was deleted by unauthorized persons, and the breach occurred and a ransom message was left in the database folder that was accessed without authorization,
- The violation was detected on 07.09.2022 as a result of the warning message sent by the web server and the messages sent by the web editors stating that access to the site was cut off,
- The relevant person groups affected by the breach are users and subscribers/members,
- The personal data affected by the breach are the name, surname, e-mail information of the users who created a free membership, the name, surname, e-mail, TR ID number, address and telephone information of the users who have made a paid subscription,
- The number of people and records affected by the violation is uncertain,
- It is stated that the relevant persons can get information about the data breach from the e-mail address of [email protected]”.
You can reach the Data Breach Notification Decision via this link: https://www.kvkk.gov.tr/Icerik/7480/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Infomag-Reklam-ve-Ozel-Dergi-Yay-Hiz-Tic-A-S
