Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the situation that the personal data processed by the data controller is seized by third parties unlawfully, as soon as possible, the relevant person and the Personal Data Protection It has an obligation to notify the Board of Directors (“Board”).
Marmara University
In the data breach notification, which was notified to the Board by Marmara University, which has the title of data controller, and shared on the Board's website on September 22, 2022;
- “On 15.09.2022, an authorized user account in the SMS sending service within the Data Controller's Information Management System (BYS) was obtained by an unauthorized person and the violation occurred by sending an SMS,
- It has also been determined that 3 new user account definitions have been made, since the seized user account has the authority to define new user accounts,
- It is possible to send "bulk sms" through the dynamic reporting screen subject to unauthorized access and access the identity, contact and personal information of the academic and administrative staff working at the university,
- The number of people affected by the violation is 5698,
- The relevant group of persons affected by the violation are employees and users,
- It is stated that the relevant persons can get information about the violation by calling 0216 7771590 or sending an e-mail to [email protected].
You can reach the relevant data breach via the link below: https://www.kvkk.gov.tr/Icerik/7451/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Marmara-Universitesi
Fuudy Electronic Communication Retail Food Logistics Joint Stock Company
In summary, in the data breach notification notified to the Board by Fuudy Elektronik İletişim Perakende Gıda Lojistik Anonim Şirketi (“Fuudy”), which is the data controller, and shared on the website of the Board on September 22, 2022;
- The date on which the breach started has not yet been determined, and the breach was detected by the data controller on 12.09.2022,
- An e-mail regarding the alleged violation was sent to the corporate e-mail address of the data controller,
- The records in the e-mail regarding the alleged violation match the records within Fuudy,
- How the person or persons who committed the violation obtained this information and the method by which the violation was committed has not yet been determined, and the determination studies on how the violation took place are continuing,
- The personal data affected by the breach are the name, surname, e-mail address, mobile phone number and address ID included in the test part of the system, and the address ID included in these personal data is not up-to-date,
- It is stated that the estimated number of people affected by the violation is approximately 81,452 and studies are continuing to determine the exact number of people.
You can reach the relevant data breach via the link below: https://www.kvkk.gov.tr/Icerik/7450/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Fuudy-Elektronik-Iletisim-Perakende-Gida-Lojistik-Anonim-Sirketi
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.