20 Jul, 2023

KVKK Publishes Seven New Violation Notices

KVKK has made a Mivento-based cyber attack notification that affected 7 companies in total, including Vodafone, Toyota, MAİS. The common point of these violations was a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, which provides infrastructure services to the companies in question.

Data Breach Notification – Vodafone Distribution Service and Content Services Inc.

Vodafone Distribution Service and Content Services Inc., which has the title of data controller. In summary, in the data breach notification submitted by the Personal Data Protection Board;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services to provide an infrastructure service where gift/promotion applications are managed for dealer employees,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The "encrypted TCKN, name, surname and date of employment" data belonging to dealer employees were affected by the violation,
  • The number of people affected by the violation is 26698 and the number of registrations is 102780,
  • Relevant persons can obtain information through the address of kisiselverilerinkorunması@vodafone.com

expressed.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1216, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Toyota Türkiye Pazarlama ve Satış A.Ş.

Toyota Türkiye Pazarlama ve Satış A.Ş., which has the title of data controller. In summary, in the data breach notification submitted by the Personal Data Protection Board;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services to provide an infrastructure service where gift/promotion applications are managed for dealer employees,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The “name, surname and telephone” data of the employees were affected by the violation,
  • The number of people affected by the violation is 286 and the number of registrations is 572,
  • Relevant persons can get information through the company's call center, expressed.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1217, it was decided to announce the data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Mais Motorlu Araclar Imal ve Sales A.Ş.

Mais Motorlu Araçlar İmal ve Satış A.Ş., which has the title of data controller. In summary, in the data breach notification submitted by the Personal Data Protection Board;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services to provide an infrastructure service where gift/promotion applications are managed for dealer employees,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The “TCN, name, surname, e-mail and telephone” data of the employees were affected by the violation,
  • The number of people affected by the violation is 4776 and the number of registrations is 23861,
  • Relevant persons may request information via e-mail from the address defined for the execution of personal data protection processes at MAIS.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1221, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Schneider Elektrik Sanayi ve Ticaret A.Ş.

Having the title of data controller, Schneider Elektrik Sanayi ve Ticaret A.Ş. In summary, in the data breach notification submitted by the Personal Data Protection Board;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services to provide an infrastructure service where gift/promotion applications are managed for dealer employees,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The “TCN, name, surname, e-mail and telephone” data of the employees were affected by the violation,
  • The number of people affected by the violation is 12249 and the number of registrations is 35077. expressed.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1218, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Geberit Tesisat Sistemleri Ticaret Limited Şirketi

In summary, in the data breach notification submitted to the Personal Data Protection Board by Geberit Tesisat Sistemleri Ticaret Limited Şirketi, which has the title of data controller;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services for the establishment of a website,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The "name, surname, e-mail, telephone, gender, date of birth" data of the employees were affected by the violation,
  • The number of people affected by the violation is 743,
  • It is stated that the relevant persons can get information via [email protected] and [email protected].

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1215, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Çelik Motor Ticaret A.Ş.

Çelik Motor Ticaret A.Ş., which has the title of data controller. In summary, in the data breach notification submitted by the Personal Data Protection Board;

  • The breach occurred in the form of a cyber attack on a server belonging to Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi, from which the data controller purchased services to provide an infrastructure service where gift/promotion applications are managed for dealer employees,
  • The violation started on 24.05.2023 and the violation was notified by the e-mail sent by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi on 12.07.2023,
  • The establishment and operation of the said website, the execution of registration processes on the site, etc. matters are managed by Mivento Bilişim Hizmetleri ve Ticaret Anonim Şirketi,
  • The "TCN, name, surname and e-mail" data of the employees were affected by the violation,
  • The number of people affected by the violation is 2242 and the number of registrations is 6789,
  • In written form, Fatih Sultan Mehmet Mah. Balkan Cad. You can get information from Buyaka D:E Blok No:58 Ümraniye/Istanbul and [email protected],
  • It is also stated that the relevant persons can get information verbally from the phone number 0216656 26 00.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 18.07.2023 and numbered 2023/1220, it has been decided to announce the aforementioned data breach notification on the Institution's website.

Source of News: KVKK Public Announcement (Notification of Data Breach)


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
The cyber attack on Mivento Bilişim affected a total of 7 companies such as Vodafone, Toyota, MAİS, Schneider Elektrik, Geberit and Çelik Motor. Details are in our content.
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram