Yamaha Motor Europe N.V. is the data controller. In summary, in the data breach notification submitted to the Personal Data Protection Board by:

• The breach was detected on 26.03.2024 after an independent cyber security researcher reported a security vulnerability in the data controller's Customer Record Management (CRM) system to the data controller,
• The exact start date of the violation is not known and it may have started in 2019.
• It was determined that the security vulnerability was caused by an incorrect configuration in the customer portal running on the CRM system, and due to this incorrect configuration, any registered user could access the personal data of other users,
• It is thought that all customer records added to the CRM system in 2021 and before are affected by this security vulnerability,
• 35,988 people from Turkey may have been affected by the violation,
• The relevant person groups affected by the breach are customers and potential customers,
• Personal data affected by the breach; name-surname, gender, e-mail address, (internal) customer number data, and for a small number of people, additionally postal address and telephone number data.

information is included.

Although the investigation on the issue continues, with the Decision of the Personal Data Protection Board dated 03.04.2024 and numbered 2024/587, it was decided to announce the data breach notification on the Authority's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)