The Turkish Personal Data Protection Authority (the “Authority”) has published a violation notice for the first time on May 4, 2018 via its website. On this particular notice, Authority has paid attention to the letter provided from a transportation network company based in Dubai (“C. I.”) that conducts also its activities in the territory of Turkey through a company (“C. A.S.”) and decided to announce the “unauthorized access” on the official website of the Authority in accordance with the decision dated May 2, 2018 and numbered 2018/45.
The Authority provided information through the letter dated 18 April 2018 received from the “C.I.” as follows:
- On 01.14.2018, unauthorized third parties have accessed to the computer system, which kept the personal data of costumers and drivers. (As a result of the investigation made, it is deducted that the details of the related subject came to light on 21 March 2018)
- The company, started running an expert examining and has charged a cyber security company about this violation,
- Due to the unauthorized access 103.337 customers and 900 drivers have been impacted by this particular event in Turkey,
- Among the accessed personal data, there might be customer names, phone numbers, information of credit cards, e-mail addresses, location information of the costumers, transportation details, phone numbers of drivers, model of the cars and their license plate, international bank account numbers, identity number and driving license information.
Please click below to obtain full announcement of the Authority:
https://www.kvkk.gov.tr/Icerik/4219/Kamuoyu-Duyurusu-Ihlal-Bildirimi-
Regards,
Çelikbaş Law Office