Privacy Blog
THE BREACH NOTIFICATION BY PENTI GIYIM COMPANY
10.08.2020
On 07.08.2020, the Turkish Personal Data Protection Authority (“Authority”) published an announcement regarding a data breach on its website.
The breach herein was notified to the Authority pursuant to the article 12(5) of the Law on Personal Data Protection no 6698.
In the notification sent by Penti Giyim Sanayi ve Ticaret Anonim Şirketi (Turkey) which is qualified as data controller, and its participation, Penti Çorap Sanayi ve Ticaret Anonim Şirketi (Turkey), SC Penti World SRL (Romania), Penti World LLC (Kazakhstan) ve Penti Giyim Ticaret Anonim Şirketi (Turkish Republic of Northern Cyprus) to the Authority, it is stated briefly that;
- The breach occurred due to ransom attack to the Penti Giyim Company,
- The breach occurred on 31.07.2020 and was recognised on the same date,
- As a result of the breach, ID and contact information of 650 users of the Penti Giyim Sanayi ve Ticaret Anonim Şirketi, of 130 users of Penti Çorap Sanayi ve Ticaret Anonim Şirketi, of around 42.228 customers, employees and potential customers of SC Penti World SRL, of 14 employees of Penti World LLC has been affected by the breach. Beside them ID, contact and costumer transaction data of 4 users of Penti Giyim Sanayi ve Ticaret Anonim Şirketi has been affected,
- The investigation still is ongoing and the certain number of people who has been affected is not still able to be known.
While the investigation regarding the matter herein is still ongoing, Personal Data Protection Board has decided, with the decisions no 2020/600-601-602-603-604 dated 06.08.2020, the announcement of the breach on the Authority’s website.
You can read the announcement (in Turkish) here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law