In summary, in the data breach notification and follow-up notification submitted to the Board by Getir Perakende Lojistik Anonim Şirketi (Getir) and Bitaksi Mobil Teknoloji Anonim Şirketi (BiTaksi);

• In an e-mail that reached the top management of Getir on 11.03.2023, a malicious third party claimed that BiTaksi (a technology company founded by the founder of Getir) had some personal data belonging to its users and shared some data lines as an example,
• Two separate e-mails sent to a Getir official on 23.03.2023 and by a malicious third party to Getir's corporate e-mail address on 25.03.2023, alleged that personal data about Getir were breached on the dark web and that they belong to Getir customers. links (URL) containing personal data are shared,
• The content on the dark web has started to be reviewed by the response team within Getir; It has been determined that the data contained in one of the software to which the log records are transferred, coincide with the data in the relevant darkweb posts,
• On the other hand, the data shared on the dark web does not overlap with the data in Bitaksi systems and the personal data of Bitaksi users are not violated,
• Getir; It has been determined that the data contained in one of the software to which the log records are transferred, coincide with the data in the relevant darkweb posts, For users of Getir, of personal data affected by the breach; ID (name, surname, TR ID number, gender), contact (GSM number, e-mail address, delivery address) account (Getir customer number and account creation date), customer transaction (last order date and number given from Getir application, order Bring vertical [Bring, Bring Big, Bring Meal etc.], order content, number of canceled orders and total number of orders), other (last login date and location to Bring application, communication permissions given to Bring) information, Bring for couriers serving their dealers; identity (name, surname), contact (GSM number), audio-visual records (profile photo), other (instant location information and Getir employee number) information,
• The estimated number of people affected by the breach is 5098; however, not every category of data affected is applicable to all data subjects,
• Regarding the violation, the relevant persons can be sent via e-mail to [email protected] or to Etiler Mah. Tanburi Ali Efendi Sok. Maya Residences Sitesi, T Blok, No: 13 Interior Door NO: 334 Beşiktaş/Istanbul, where they can get information.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 30.03.2023 and numbered 2023/496, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)