MNG Cargo, which has a wide transportation network in our country, announced that some of its corporate customers were hit by a cyber attack after their user names and passwords were seized. Notifying the Personal Data Protection Authority, the company announced that the names, surnames, addresses and phone numbers of cargo recipients were seized.
The company, which on August 23 detected the leak that had started on August 15, stated that the number of people affected is uncertain, that there is no flaw in its system, and that the leak was caused by the seizure of corporate customer accounts.
“Investigations on the subject continue”
MNG Cargo, in its notification to the KVKK, stated that the investigations on the subject are continuing, and announced that persons affected by the data breach can get information from MNG Cargo’s website www.mngcargo.com.tr and from the call center at 0(850) 222 06 06.
KVKK made the following statements in its announcement on the subject:
As is known, paragraph (5) of article 12 of the Law on Protection of Personal Data No. 6698, titled “Obligations regarding data security”, contains the provision: “In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.”
In summary, in the data breach notification sent to the Authority by MNG Kargo Yurtiçi ve Dış Taşımacılık AŞ, which has the title of data controller:
- It is thought that the breach took the form of infiltration by the person/persons who gained unauthorized access to the accounts of the corporate customer/customers, after the user name and password of the corporate customer/customers were obtained, via the web service offered by the data controller to the corporate customers, and that there is no system-related vulnerability,
- The violation started on 15.08.2021 and ended on 23.08.2021,
- As a result of the verbal notification from a corporate customer of the data controller on 15.08.2021, the penetration test work was started on the same day, and as a result of the examinations, the violation was detected on 23.08.2021,
- The “name-surname, address, telephone number” information of the cargo recipients was affected by the violation,
- The number of people affected by the violation could not be determined,
- https://www.mngcargo.com.tr/iletisim website, call center 0(850) 222 06 06 and [email protected] e-mail address,
has been expressed.
Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 26.08.2021 and numbered 2021/875, it has been decided to announce the data breach notification on the Institution’s website.
It is announced to the public with respect.