DATA BREACH NOTIFICATION FROM YEMEK SEPETI!

29.03.2021

The Turkish Personal Data Protection Authority shared the data breach notification sent by Yemek Sepeti Elektronik İletişim Perakende Gıda Lojistik A.Ş through official website as a public announcement.

Briefly, in the letter sent to the Personal Data Protection Authority by Yemek Sepeti Elektronik İletişim Perakende Gıda Lojistik A.Ş.  as the data controller, the following issues are reported;

  • In 18.03.2021 an access to the web application server by unidentified persons was occured,
  • Due to an error in the tool which alerts to an unauthorizied access, it couldn’t be noticed,
  • While the warnings in 25.03.2021 were analyzed, a suspicious conduct was detected,
  • There was a deficieny on the web application, by this means an application was installed and an access to the server was occured,
  • 21.504.083 users have been affected by the breach,
  • The data which affected by the breach were partially defined by the data controller, personal data categories affected by the breach are username, address, phone number, e-mail, password, and IP,
  • Financial data and data related with credit cards have not been affected since these are under Mastercard’s protection as an independent data controller.

While the examination on the subject is continuing, data subjects can get information about the data breach from info@yemeksepeti.com.

You can find the public announcement (in Turkish) here.