Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Turkey: KVKK announces Yamaha Motor Europe data breach

On April 3, 2024, the Personal Data Protection Authority (KVKK) disclosed a data breach involving Yamaha Motor Europe N.V. (Yamaha Motor Europe). The KVKK highlighted that Yamaha Motor Europe promptly notified them of the breach, as required by Article 12(5) of the Law on Protection of Personal Data No. 6698.

According to Yamaha Motor Europe's notification, the breach was detected on March 26, 2024, by an independent cybersecurity researcher who identified a security vulnerability in Yamaha Motor Europe's customer registration management (CRM) system. While the exact start date of the breach remains unclear, Yamaha Motor Europe noted it might have been initiated in 2019.

The security vulnerability stemmed from a misconfiguration in the customer portal operating on the CRM system, enabling any registered user to access other users' personal data. It is presumed all customer records added to the CRM system before 2021 were affected.

Approximately 35,988 individuals from Turkey are estimated to have been impacted by the breach, including customers and potential customers, with compromised personal data such as name, surname, gender, email address, (internal) customer number data, and, for a limited number of individuals, postal address and telephone number data.

You can read the press release here, only available in Turkish.