Daily Sabah logo

Politics
Diplomacy Legislation War On Terror EU Affairs Elections News Analysis
TÜRKİYE
Istanbul Education Investigations Minorities Expat Corner Diaspora
World
Mid-East Europe Americas Asia Pacific Africa Syrian Crisis Islamophobia
Business
Automotive Economy Energy Finance Tourism Tech Defense Transportation News Analysis
Lifestyle
Health Environment Travel Food Fashion Science Religion History Feature Expat Corner
Arts
Cinema Music Events Portrait Reviews Performing Arts
Sports
Football Basketball Motorsports Tennis
Opinion
Columns Op-Ed Reader's Corner Editorial
PHOTO GALLERY
JOBS ABOUT US RSS PRIVACY CONTACT US
© Turkuvaz Haberleşme ve Yayıncılık 2025

Daily Sabah - Latest & Breaking News from Turkey | Istanbul

  • Politics
    • Diplomacy
    • Legislation
    • War On Terror
    • EU Affairs
    • Elections
    • News Analysis
  • TÜRKİYE
    • Istanbul
    • Education
    • Investigations
    • Minorities
    • Expat Corner
    • Diaspora
  • World
    • Mid-East
    • Europe
    • Americas
    • Asia Pacific
    • Africa
    • Syrian Crisis
    • Islamophobia
  • Business
    • Automotive
    • Economy
    • Energy
    • Finance
    • Tourism
    • Tech
    • Defense
    • Transportation
    • News Analysis
  • Lifestyle
    • Health
    • Environment
    • Travel
    • Food
    • Fashion
    • Science
    • Religion
    • History
    • Feature
    • Expat Corner
  • Arts
    • Cinema
    • Music
    • Events
    • Portrait
    • Reviews
    • Performing Arts
  • Sports
    • Football
    • Basketball
    • Motorsports
    • Tennis
  • Gallery
  • Opinion
    • Columns
    • Op-Ed
    • Reader's Corner
    • Editorial
  • TV
  • Business
  • Automotive
  • Economy
  • Energy
  • Finance
  • Tourism
  • Tech
  • Defense
  • Transportation
  • News Analysis

Watchdog slaps Yemeksepeti $140,113 fine over personal data breach

by Daily Sabah

ISTANBUL Feb 07, 2022 - 4:14 pm GMT+3
The Yemeksepeti mobile app is seen on a phone screen close up. (Shutterstock Photo)
The Yemeksepeti mobile app is seen on a phone screen close up. (Shutterstock Photo)
by Daily Sabah Feb 07, 2022 4:14 pm

Turkey's Personal Data Protection Board (KVKK) has imposed an administrative fine of TL 1.9 million ($140,113) on the country’s largest online food delivery website and smartphone app Yemeksepeti whose data was leaked to hackers due to a cyberattack that went undetected for eight days, the watchdog said Monday.

The platform’s database was breached by hackers reportedly demanding ransom in November last year, which had initially been denied by Yemeksepeti.

The KVKK noted that the web application server belonging to the company responsible for the data was accessed by installing an application and running commands due to the vulnerability in the server, and more than 21 million users were affected by this violation.

Considering the large number of people affected by the breach of access to usernames, addresses, phone numbers, email addresses, passwords and IP information, and the fact that almost the entire customer database was leaked, the breach was a very large-scale one, it said.

When the extent of the violation, the size of the leaked data and the nature of the leaked personal data is considered, the watchdog said this would pose significant risks such as loss of control over personal data for the persons concerned.

"The installation and operation of malicious software on the system could not be noticed by the data controller for eight days, therefore, it has been revealed that the data controller has a fault at the point of checking that the software and services are working and determining whether there is any infiltration or any action that should not occur in the information networks," the KVKK statement said.

The cyberattack was later noticed as a result of the investigation carried out by Yemeksepeti security teams, however the watchdog said, the incident showed the lack of an effective control mechanism on the third-party companies that the data controller receives service from, and the deficiencies in the follow-up of security software and the use of security procedures.

The attackers forwarded the data they obtained from the data controller to an IP address/server located in France, and 28.2 gigabytes (GB) of data coming out of the system, or outgoing traffic, was unnoticed by the data controller, it said.

  • shortlink copied
  • Last Update: Feb 07, 2022 5:16 pm
    KEYWORDS
    personal data protection kvkk yemeksepeti cyberattack
    The Daily Sabah Newsletter
    Keep up to date with what’s happening in Turkey, it’s region and the world.
    You can unsubscribe at any time. By signing up you are agreeing to our Terms of Use and Privacy Policy. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    No Image
    Firey spring festival back in full swing after pandemic: Nevruz
    PHOTOGALLERY
    • POLITICS
    • Diplomacy
    • Legislation
    • War On Terror
    • EU Affairs
    • News Analysis
    • TÜRKİYE
    • Istanbul
    • Education
    • Investigations
    • Minorities
    • Diaspora
    • World
    • Mid-East
    • Europe
    • Americas
    • Asia Pacific
    • Africa
    • Syrian Crisis
    • İslamophobia
    • Business
    • Automotive
    • Economy
    • Energy
    • Finance
    • Tourism
    • Tech
    • Defense
    • Transportation
    • News Analysis
    • Lifestyle
    • Health
    • Environment
    • Travel
    • Food
    • Fashion
    • Science
    • Religion
    • History
    • Feature
    • Expat Corner
    • Arts
    • Cinema
    • Music
    • Events
    • Portrait
    • Performing Arts
    • Reviews
    • Sports
    • Football
    • Basketball
    • Motorsports
    • Tennis
    • Opinion
    • Columns
    • Op-Ed
    • Reader's Corner
    • Editorial
    • Photo gallery
    • DS TV
    • Jobs
    • privacy
    • about us
    • contact us
    • RSS
    © Turkuvaz Haberleşme ve Yayıncılık 2021