Istanbul-based web hosting company Webhosting Bilişim Teknolojileri reported a personal data breach to Personal Data Protection Institution in Turkey (KVVK). Webhosting’s 3027 customers’ stolen data was released by a foreign website on 09.07.2021.
A data breach due to software vulnerability
Due to Webhosting’s report, between 15 November 2020 and 27 December 2020, the log records were open to access because of software vulnerability. Log records on the relevant date showed a leak on 27.12.2020 that the customer data was sent collectively to an IP address abroad.
This stolen data covers e-mail contents containing passwords related to services, such as identity for domain name registrations with .tr extension, company documents, signature circular, tax plate, and credit card information. Due to the importance of credit card data, card numbers were determined and reported to the payment institution.
The number of people affected by the data breach has not yet been determined. It is estimated that employees, customers, and potential customers could be affected by the breach. As a data controller, Webhosting is continuing to research the data breach.
While the investigation continues, the Council of Personal Data Protection Institution has decided to announce the data breach on the corporate website according to Personal Data Protection Law’s article 12.