In summary, in the data breach notification submitted to the Personal Data Protection Board by Telcoset İleri Teknoloji Strategic Business Development Consultancy Inc., which is the data controller;

• The breach occurred through a ransomware attack on the data controller systems on October 15, 2022,
• No data breach notification was made because the system was accessed again through backups and it was thought that no data leakage occurred,
• Within the scope of threat intelligence activity, intelligence was received on 18.09.2023 that some information was seized by attackers and sold or attempted to be sold on the internet,
• During the investigations, it was seen that the data regarding the cyber attack suffered on the dates in question was located on the dark web,
• Personal data "identity, communication, personnel, legal transaction, transaction security, professional experience data" and special personal data "health information and criminal conviction and security measure data" were affected by the breach,
• The relevant person groups affected by the violation are employees, legal entity (customer, potential customer and supplier) employees, suppliers and supplier officials,
• Studies on the number of people affected by the violation are still ongoing, but the estimated number of people is over 1000,
• Relevant persons can receive information about the data breach from the e-mail address [email protected]

information is included.

Although the investigation on the issue continues, with the Decision of the Personal Data Protection Board dated 28.09.2023 and numbered 2023/1684, it was decided to announce the data breach notification on the Authority's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)