Turkey: KVKK publicly announces data breach from ransomware attack
The Personal Data Protection Authority ('KVKK') made, on 6 August 2020, a public announcement of a data breach resulting from a ransomware attack which affected Penti Giyim Sanayi ve Ticaret Anonim Şirketi and its affiliates. In particular, the KVKK highlighted that, under Article 12(5) of the Law on Protection of Personal Data No. 6698, in cases where the processed data is accessed illegally, the data controller has an obligation to notify the relevant persons and the KVKK. In addition, the KVKK noted that the breach affected, among other things, the communication and identity data of 45,242 employees, as well as customer data, and that the investigation into the breach will continue.
You can read the announcement, only available in Turkish, here.