According to the information provided to the Board by Defacto, customers displayed personal information that did not belong to them on their profile pages. The error in question was detected on September 14, 2023. It was announced that this problem was caused by the company from which the CDN service was purchased.
According to estimates, 2,686 people were affected by this data breach. Customers viewed other customers’ identity, contact and customer transaction data.
Defacto Retail Trade. In summary, in the data breach notification submitted to the Board by AŞ;
- The violation was detected on 14.09.2023, with the information that customers saw personal information that did not belong to them on their profile pages,
- The data controller receives services from the data processor to provide CDN consumption traffic to deliver customer content to the end user,
- The data breach occurred after the software version, which included a number of improvements made to improve the services offered by the data processor, was put into operation,
- The categories of personal data affected by the breach are identity, contact and customer transaction data,
- While some of the 1337 customers in total who visited the Account Information screen on the My Account page only viewed their own account information screen, some customers could see the information of other customers on the interface of the account information screen, and the number of people affected by the breach is estimated to be 2686,
- It is stated that relevant persons can obtain information regarding the data breach from the call center at 0850 333 22 86, from DeFacto Customer Services’ e-mail address [email protected] and from [email protected] e-mail address.