Data Breach Notice – Bilge Adam Yazılım ve Teknoloji A.Ş.

Bilge Adam Yazılım ve Teknoloji A.Ş., which has the title of data controller. In summary, in the data breach notification submitted by the Personal Data Protection Board;

• As a result of a phishing attack against the data controller, the computers of 3 personnel of the data controller were accessed and these computers were encrypted with ransomware,
• Data belonging to employees and employee candidates are kept on computers with unauthorized access,
• Personal data affected by the violation are name, surname, TR identity number and workplace registration number,
• The number of persons and records affected by the violation has not yet been determined,
• Relevant persons can receive information about the data breach via the call center and e-mail.

information is included.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – OSDS Su Artım Sistemleri San. Trade Ltd. Sti

Having the title of data controller, OSDS Su Artım Sistemleri San. Trade Ltd. Sti. In summary, in the data breach notification submitted by the Personal Data Protection Board;

• An SMS containing a link, which is considered to be fraudulent, is sent to the customers of the data controller; the sending dates of the said SMS are 26-27 May 2023,
• Data controller of MAS GSM Communication A.Ş. is in the position of data processor,
• 45,228 SMS were sent by unauthorized persons and most of the SMS sent numbers are data controller customers,
• The personal data affected by the violation are communication, location, legal action, customer transaction, transaction security, risk management, marketing and criminal conviction and security measures,
• The contact groups affected by the breach are customers and potential customers.

information is included.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Arçelik A.Ş.

Having the title of data controller, Arçelik A.Ş. In summary, in the data breach notification submitted by the Personal Data Protection Board;

• The dealers and authorized service employees with whom the data controller is contracted are awarded additional benefits within the scope of sales targets, and unauthorized access to personal data is provided due to a security vulnerability detected in the supplier systems where the Arçelik Bizbize mobile application and website are hosted,
• The data processor is the owner of the code and ownership of the relevant systems, and the data controller receives service with a model that only he/she has the opportunity to use, kod ve mülkiyet sahipliğinin veri işleyende bulunduğu, veri sorumlusunun yalnızca kullanım imkanına sahip olduğu bir modelle hizmet aldığı,
• It has been determined that unauthorized persons have access to the admin panel and that personal data has been obtained from an IP address visible in Germany,
• The relevant person groups affected by the violation are dealers and authorized service employees,
• Identity (name, surname, TCKN, title, date of birth, gender), Communication (e-mail address, GSM number), Transaction Security (LDAP (Lightweight directory access protocol) code (used for data retention and access verification) of personal data affected by the breach. code) and user password, registration and update date, last login date, account activity status, device model, version and operating system information, application version information, notification permission status), Other (within the scope of the system, dealers and authorized service employees earn points and expenditure information, expertise, training, date of employment, code, name and address of the dealer and store where the person is working, although they do not have personal information)
• The estimated number of related persons affected by the violation is 30,373,
• The data controller can obtain information from the application panel (https://privacyportal-eu.onetrust.com/webform/1ee6a6ce-9b09-49bd-b9e4-a3544706c63e/6361bf5f-8fd5-4af5-8c3a-6cd46cddca1b)

information is included.

Source of New: KVKK Public Announcement (Notification of Data Breach)