Rezzan Günday (Şimşek Pharmacy)Data Breach Notification Public Announcement
Within the scope of the data breach notification process stipulated in the provision entitled “Obligations regarding data security” of the Personal Data Protection Law (“Law”), Rezzan Günday (Şimşek Pharmacy), who is the data controller, has made a data breach notification to the Authority. It is stated in the related notification briefly that;
– The breach occurred by obtaining and transferring the T.R. identity numbers of the patients without their knowledge to another pharmacy and by using the identity numbers on an app and supplying medicine in epidemic period by the former employee of the data controller.
– The breach has been occurring at least since October 2019 and was detected in 11.08.2020.
– Personal data affected by the breach are T.R. identity number, telephone number, the status of the patient (retired, working), authority name.
– Sensitive personal data affected by the breach are medical information (patient information, patient reports, medicines used by the patients)
– Persons affected by the breach are patients.
– The number of people affected by the breach is unknown
– A criminal complaint was made to the Office of the Chief Public Prosecutor about the incident subject to the breach.
Dap Rotana Dalga ve Vazo Rezidans Toplu Yapı Yöneticiliği Data Breach Notification Public Announcement
Within the scope of the data breach notification process stipulated in the provision titled “Obligations regarding data security” of the Personal Data Protection Law (“Law”), Dap Rotana Dalga ve Vazo Rezidans Toplu Yapı Yöneticiliği who is the data controller, has made a data breach notification to the Authority. It is stated in the related notification briefly that;
– The breach occurred when personal data of flat owners were shared with third parties by an employee.
– The breach occurred between 9:00 and 17:00 in 05.03.2020 and was detected in 13.08.2020.
– Personal data affected by the breach are data categories of identity, contact, location and legal transaction (name, surname, T.R. identity number, address, telephone number and license plate information if exists)
– Persons affected by the breach are flat owners and residents.
– The number of people affected is 2328, and the number of records affected is 11640 by the breach.
Kariyer.net Elektronik Yayıncılık ve İletişim Hiz. A.Ş. Data Breach Notification Public Announcement
Within the scope of the data breach notification process stipulated in the provision titled “Obligations regarding data security” of the Personal Data Protection Law (“Law”), Kariyer.net Electronic Publishing and Communication Services Inc. Co., who is the data controller, has made a data breach notification to the Authority. It is stated in the related notification briefly that;
– The breach was detected by a consultant, who provides service to Kariyer.net as a supplier, by sharing the information that a file, which belongs to 50.000 members of the abovementioned site, was uploaded to a site on 12 August 2020, with an employee of Kariyer.net on the same date.
– The breach occurred in 10.08.2020 and was detected by Kariyer.net in 12.08.2020.
– Datas effected by the breach were informations of “e-mail address”, “password”, “name surname”, “date of birth”, “telephone number”, “profile picture”, “URL link information”, “city of residence”, “district of residence”
– Number of people affected is 40.955, number of records effected is 53.149 by the breach
– Related persons can gain information about the data breach from the address, adaydestek@kariyer.net and telephone number, 0 216 468 76 00
Barilla Food, Inc. Co. Data Breach Notification Public Announcement
Within the scope of the data breach notification process stipulated in the provision titled “Obligations regarding data security” of the Personal Data Protection Law (“Law”), Barilla Food Inc. Co., who is the data controller, has made a data breach notification to the Authority. It is stated in the related notification briefly that;
– The breach occurred when cyber-attack was carried out in 12.08.2020 and ransomware was run on the serves ensuring that files and disks are inaccessible.
– 4 GB of data was outsourced according to the notification of the ransomers and the inspection of IBM.
– The content of the data has not been determined yet; the investigations are continuing.
– Related person groups, the number of people and the personal data affected by the breach have not yet been determined.