MNG Kargo Yurtiçi ve Yurtdışı Taşımacılık AŞ Veri İhlali Bildirimi

28 Aug, 2021

GRC News

MNG Kargo Yurtiçi ve Dış Taşımacılık AŞ Data Violation Notification

Paragraph (5) of article 12 of the Law on the Protection of Personal Data No. 6698, titled "Obligations regarding data security" "In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.” his decision is the authority.
In summary, in the data breach notification sent to the Authority by MNG Kargo Yurtiçi ve Dış Taşımacılık AŞ, which has the title of data controller;

• It is thought that the breach is in the form of infiltration through the person/persons who have unauthorized access to the accounts of the corporate customer/customers due to the obtaining of the user name and password of the corporate customer/customers via the web service offered by the data controller to the corporate customers, and that there is no system-related vulnerability,
• The violation started on 15.08.2021 and ended on 23.08.2021,
• As a result of a verbal notification from a corporate customer of the data controller on 15.08.2021, the penetration test work was started on the same day, and as a result of the investigations, the violation was detected on 23.08.2021,
• The “name-surname, address, telephone number” information of the cargo recipients was affected by the violation,
• The number of people affected by the violation could not be determined,
• It has been stated that the persons concerned can obtain information about the data breach from the https://www.mngkargo.com.tr/iletisim website, the call center at 0(850) 222 06 06 and the e-mail address [email protected].

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 26.08.2021 and numbered 2021/875, it was decided to announce the data breach notification on the Institution's website.

Penetration tests are of great importance in combating data breaches. Penetration tests should ideally be performed at least once a year, even if there are no breaches. Every penetration test performed before a data breach will actually predict existing or potential vulnerabilities in the systems before the threat actors and will serve to close the system vulnerabilities. The main purpose of the penetration test after a data breach is to find the source of the vulnerability that caused the breach and to take action to close it as soon as possible.

To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

Request a Quotation