Data Breach Notification – AgeSA Hayat ve Emeklilik AŞ

In summary, in the data breach notification submitted to the Board by AgeSA Hayat ve Emeklilik AŞ, which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the servers of Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech),
• The violation occurred on 25.07.2023 and was detected on 31.07.2023,
• The relevant person group affected by the breach is customers,
• The number of persons and records affected by the violation has not yet been determined,
• Data affected by the breach; identity, communication, customer transaction, visual and audio recording data.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 10.08.2023 and numbered 2023/1382, it was decided to announce the aforementioned data breach notification on the Institution's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Derimod Deri Konfeksiyon Pazarlama Sanayi ve Ticaret AŞ

In summary, in the data breach notification conveyed to the Board by Derimod Deri Konfeksiyon Pazarlama Sanayi ve Ticaret AŞ, which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech) servers,
• The violation occurred on 25.07.2023 and was detected on 31.07.2023,
• The relevant person group affected by the breach is customers,
• Data affected by the breach; identity, communication, customer transaction, visual and audio recording data,
• The number of persons and records affected by the violation has not yet been determined,
• The data controller can provide information about the data breach at [email protected] and 0850 288 42 88.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 03.08.2023 and numbered 2023/1383, it was decided to announce the data breach notification on the website of the Authority.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Oto Plan Operational Vehicle Rental Trade Inc.

In summary, in the data breach notification conveyed to the Board by Oto Plan Operational Vehicle Rental, which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the servers of Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech),
• The violation occurred on 03.08.2023 and was detected on 03.08.2023,
• The relevant person group affected by the breach is customers,
• The number of people affected by the violation is 1,236,
• Data affected by the breach; identity (name and surname), contact (phone number), customer transaction, visual and audio recording data,
• Data subjects can obtain information from the data controller's [email protected] address and www.otoplan.com.tr website regarding the data breach.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 10.08.2023 and numbered 2023/1385, it was decided to announce the data breach notification on the website of the Authority.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – YOYO Information Technologies and Tourism Trade Inc.

In summary, in the data breach notification submitted to the Board by YOYO Bilgi Teknolojileri ve Turizm Ticaret AŞ, which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the servers of Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech),
• The violation occurred on 03.08.2023 and was detected on 03.08.2023,
• The relevant person group affected by the breach is customers,
• 5,464 people were affected by the violation,
• Personal data affected by the breach; identity (name and surname), contact (phone number), customer transaction, visual and audio records,
• The data controller can provide information about the data breach from [email protected] and www.driveyoyo.com website. information is included.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 10.08.2023 and numbered 2023/1386, it was decided to announce the data breach notification on the website of the Authority.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Gulf Sigorta AŞ 

In summary, in the data breach notification submitted to the Board by Gulf Sigorta AŞ, which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the servers of Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech),
• The violation occurred on 31.07.2023 and was detected on the same date,
• The relevant group of persons affected by the violation are employees and customers,
• Data affected by the breach; identity (name and surname), communication (e-mail, phone number), visual and audio recording (voice, e-mail correspondence) data,
• 295,288 people were affected by the violation

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 03.08.2023 and numbered 2023/1384, it was decided to announce the data breach notification on the website of the Authority.

Source of news: KVKK Kamuoyu Duyurusu (Veri İhlali Bildirimi)

Data Breach Notification – Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ

In summary, in the data breach notification submitted to the Board by Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ, which has the title of data controller;

• The breach occurred as a result of the cyber attack on the servers of the data controller, by encrypting the data on the storage devices and making them inaccessible,
• The violation occurred on 25.07.2023 and was detected on 31.07.2023,
• The relevant person group affected by the violation is employees, family members of employees, suppliers, business partners, customer employees and employee candidates,
• Data affected by the breach; Identity, Communication, Personnel, Finance, Professional Experience data,
• 9746 people were affected by the violation,
• The data controller can provide information about the data breach at [email protected].

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 03.08.2023 and numbered 2023/1336, it was decided to announce the data breach notification on the website of the Authority.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Breach Notification – Diler Holding A.Ş. and Group Companies

Having the title of data controller;

• Diler Holding A.Ş.
• Atlas Enerji Üretim A.Ş.
• Bodova Turizm Yachting San. ve Tic. Inc.
• Diler Demir Çelik Endüstri ve Ticaret Anonim Şirketi
• Diler Denizcilik ve Tic. Inc.
• Diler Elektrik Üretim A.Ş.
• Diler Foreign Trade Inc.
• Esm Shipping and Trade Joint Stock Company
• Eti Toprak Industry and Trade Inc.
• Renar Herbal Production Industry and Trade Inc.
• Resa Demir Sanayi ve Ticaret Anonim Şirketi
• Yazıcı Demir Çelik San. and Tourism Trade. Inc.

In summary, in the personal data breach notifications sent by the Agency;

• Data controller systems were infiltrated by exploiting the firewall vulnerability, and user accounts were compromised with a password attack, and ransomware was loaded with the compromised accounts,
• The violation started on 06.08.2023 and was detected on the same day,
• The violation was detected as a result of interruption of access to virtual servers,
• The relevant person groups affected by the violation are employees and users,
• The categories of personal data affected by the breach are identity, communication, personal, legal action, customer transaction, physical space security, transaction security, risk management, finance, professional experience, marketing and audiovisual records,
• The number of people affected by the violation is 1200

information is included.

Although the investigation on the subject continues, the Decisions of the Personal Data Protection Board dated 10.08.2023 and numbered 2023/1393 - 1394 - 1395 - 1396 - 1397 - 1398 - 1399 - 1400 - 1401 - 1402 - 1403 - 1404 decided to be posted on the website.

Source of New: KVKK Public Announcement (Notification of Data Breach)

Data Violation Notification – UPS Fast Cargo Transport Inc. 

In summary, in the data breach notification submitted to the Board by UPS Fast Cargo Transportation Inc., which has the title of data controller;

• The breach occurred when the data on the storage devices became inaccessible by encrypting as a result of the cyber attack on the Vodatech Bilişim Proje Danışmanlık Sanayi ve Dış Ticaret AŞ (Vodatech) servers,
• The violation occurred on 25.07.2023 and was detected on 04.08.2023,
• The relevant person group affected by the breach is customers,
• The number of persons and records affected by the violation has not yet been determined,
• Data affected by the breach; identity, communication, customer transaction, visual and audio records,
• The data controller can provide information about the data breach at [email protected].

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 10.08.2023 and numbered 2023/1387, it was decided to announce the aforementioned data breach notification on the website of the Authority.

Source of New: KVKK Public Announcement (Notification of Data Breach)