Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the situation that the personal data processed by the data controller is seized by third parties unlawfully, as soon as possible, the relevant person and the Personal Data Protection It has an obligation to notify the Board of Directors (“Board”).
Quick Sigorta A.Ş., which has the title of data controller. In summary, in the data breach notification notified by the Personal Data Protection Authority (“Authority”) and shared on the Institution’s website on 07 October 2022;
- “The URL containing the images of material vehicle damages in the damage management program managed by the software company with which the data controller has a contract was captured by unauthorized persons,
- Violation occurred by accessing the images by trying various notification ID numbers by unauthorized persons,
- In the examinations, it was understood that the attacker’s attempts to log into the system were successful on 18.08.2022 and that he started data extraction attempts on 21.08.2022,
- İlgili programın çoğunlukla, kazaya karışmış hasarlı araçlara ait görüntülerden oluştuğu; halihazırda konuya ilişkin inceleme devam etmekle birlikte, hasar dosyasında yer alan bilgiler kapsamında:
- Sürücülerin kimlik görseli iletmesi halinde; isim, soyisim, T.C kimlik numarası, doğum yeri, doğum tarihi, anne adı, baba adı, cinsiyeti ve fotoğrafı,
- Sürücülerin ehliyet görseli iletmesi halinde; isim, soyisim, doğum tarihi, doğum yeri, T.C. kimlik numarası, kan grubu ve fotoğrafı,
- Trafik kaza tespit tutanağı kapsamında adres bilgisinin bulunduğu,
- Efforts to determine the number of relevant persons affected by the violation are ongoing.
- The relevant person group affected by the violation is customers/potential customers and parties involved in traffic accidents”.
You can reach the Data Breach Notification Decision via this link:https://www.kvkk.gov.tr/Icerik/7474/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Quick-Sigorta-Anonim-Sirketi
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.