Dubsmash, one of the IOS and Android applications that has been very fashionable in our country in the past years and where users can dub movies and music, came to the fore with a data breach this time. Data belonging to 162 million people globally and 679.269 people from Turkey were leaked and used by unauthorized persons. The Dubsmash database, which contains personal data of users such as username, password, date of birth, phone number, e-mail address, country and language, has been on sale on Darknet Web since 2018.

The Personal Data Protection Board has decided to impose an administrative fine of 730,000 TL on Dubsmash for the following reasons.

• Not taking sufficient technical and administrative measures to ensure data security (680.000 TL)
• Failure to notify as soon as possible in case of a data breach (50,000 TL)

Within the framework of this event, we can say that even though technical measures are included in a single article of the Law, systems with weaknesses completely affect compliance with the Law. Within the framework of KVKK compliance, the existing vulnerabilities and risks of the organization are determined and technical measures to be taken reduce the risk of data breach. Although our subject is a Law, Cyber Security and Governance should not be ignored as an integral part of this law. The breach in Dubsmash could have been prevented by the timely activation of the correct Cyber Security shields.