In summary, in the data breach notifications submitted to the Personal Data Protection Board by Vava Cars Turkey Automotive Joint Stock Company, which is the data controller;

• Your violation; occurred as a result of an internal user's credentials being captured and used to access application data,
• The violation occurred on 31.10.2023 and was detected on the same day,
• The number of people affected by the violation is 32,589,
• The relevant person groups affected by the breach are employees, users, subscribers/members, customers and potential customers,
• Categories of personal data affected by the breach;
  • Customer data provided when purchasing a car including name, address, telephone number, email, IBAN, bank details price, VIN, license plate number and vehicle information
  • Customer data provided for the appointment, including name, address, phone number, email, appointment date, center name and license plate number
  • Dealer data including name, email, phone number, address, contact name
  • Customer data including customer name, email, phone number
  • Warehouse data including name, address, email, city, administrator name
  • Tender details including starting price, reserve price, buy now price, total cost, vehicle details
• Relevant persons can receive information about personal data breach from the data controller via e-mail and call center.

information is included.

Although the investigation on the issue continues, with the Decision of the Personal Data Protection Board dated 09.11.2023 and numbered 2023/1927, it was decided to announce the data breach notifications on the Authority's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)