Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the situation that the personal data processed by the data controller is seized by third parties unlawfully, as soon as possible, the relevant person and the Personal Data Protection It has an obligation to notify the Board of Directors (“Board”).
In summary, Private Keystone Education and Training Dan. Inc. in the data breach notification notified by the Personal Data Protection Authority (“Authority”) and shared on the website of the Authority on September 23, 2022;
- “The violation occurred by opening the closed e-mail address of a former teacher working with the data controller and sending e-mails to all school parents and staff, including the school’s accounting records, the wage scale information in Drive, and the names of parents and students,
- The violation took place on 22.09.2022 and was detected on the same day,
- Personal data affected by the breach consists of identity, communication, personal, legal action, transaction security, risk management, financial information and other categories,
- The number of persons and records affected by the violation has not yet been determined,
- The relevant person groups affected by the breach are employees, users, subscribers/members, students and customers/potential customers”.
You can reach the Data Breach Notification Decision via this link: https://kvkk.gov.tr/Icerik/7452/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Ozel-Keystone-Egitim-ve-Egitim-Dan-A-S-
