Data Breach Notifications Dated November 10, 2023 Published by the Personal Data Protection Authority
- Vava Cars Turkey Automotive Inc.
- Demirkol Hotel Management Tourism and Trade Inc.
I.Vava Cars Turkey Automotive Inc. Data Breach Notification
In summary, in the data breach notifications submitted to the Personal Data Protection Authority (“Authority”) by Vava Cars Turkey Automotive Joint Stock Company, which has the title of data controller;
The breach occurred as a result of an internal user’s credentials being compromised and used to access application data, the breach occurred on 31.10.2023 and was detected on the same day, the number of people affected by the breach was 32,589, the relevant groups of people affected by the breach were employees, users, subscribers/members and customers and potential customers,
The categories of personal data affected by the breach;
- Customer data provided when purchasing a car, including name, address, phone number, email, IBAN, bank details price, VIN, license plate number and vehicle information,
- Customer data provided for the appointment, including name, address, phone number, email, appointment date, center name and license plate number,
- Reseller data including name, email, phone number, address, contact name,
- Customer data including customer name, email, phone number,
- Repository data including name, address, email, city, admin name,
- The tender details including starting price, reserve price, buy now price, total cost, vehicle details,
It is stated that data subjects can receive information about personal data breach from the data controller via e-mail and call center.
II.Demirkol Hotel Management Tourism and Trade Inc. Data Breach Notification
In the data breach notification submitted by Demirkol Hotel Management Tourism and Trading In summary, in the data breach notification submitted to the Personal Data Protection Authority (“Authority”) by the Joint Stock Company; The breach occurred on 04.11.2023 with a ransomware attack,
The categories of personal data affected by the breach;
- Credentials, contact, location, personal, legal, customer transaction, transaction security, risk management, finance, professional experience, marketing, audio-visual and visual records and racial and ethnic origin information,
- The number of people affected by the breach was declared as 5 and the number of records as 300,000,
It is stated that the relevant persons can obtain information about the breach through the website https://www.arcadehotelistanbul.com/ .
III.Conclusion
Data breach notifications published by the Personal Data Protection Authority (“Authority”) on November 10, 2023.
Paragraph (5) of Article 12 titled “Obligations Regarding Data Security” of the Personal Data Protection Law No. 6698 (“Law”) “In case the processed personal data is obtained by others through unlawful means, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its website or by any other method it deems appropriate.” Pursuant to the provision, data breach notifications were published by the Authority.
Feel free to contact us for more detailed information.