Personal Data Protection Authority (KVKK), Trabzonspor Sportif Investment and Futbol İşletmeciliği Ticaret A.Ş. made an important statement about In the statement, it was stated that the company fell victim to a cyber attack and user data fell into the hands of attackers. So when did the cyber attack take place and what data of the users fell into the hands of hackers?
According to the KVKK’s statement, Trabzonspor suffered a cyber attack on 19 May 2023 and realized this on the same day. After infiltrating the system, the attackers also encrypted the data of the users. As such, it could not be determined exactly how many people’s data were leaked.
Identity and contact information may also have been leaked
In Trabzonspor’s database, there were data in categories such as the identity and contact information of the users, financial information, professional experience, past transactions and marketing. With the attack on May 19, all this data was potentially in the hands of hackers. It is not known who or for what purpose they carried out the attack.
Meanwhile; In addition to Trabzonspor Sportif Investment and Football Management Trade Inc., Trabzonspor Commercial Products and Tourism Management Trade Inc., Trabzonspor Futbol İşletmeciliği Ticaret A.Ş., Trabzonspor Telekomünikasyon Danışmanlık ve Servis Hizmetleri Ticaret A.Ş., Bordeaux Blue Football Let’s also point out that it affects Investments Trade Inc., Trabzonspor Club Association, Trabzonspor Bordeaux Mavi Enerji Elektrik Üretim A.Ş., and the affected people are employees, users, students, customers and potential customers.
The description of KVKK is as follows:
“As it is known, paragraph (5) of Article 12 of the Law on the Protection of Personal Data No. 6698, titled “Obligations regarding data security”, states that “In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.” its ruling.
Trabzonspor Sportif Investment and Futbol İşletmeciliği Ticaret A.Ş., which has the title of data controller. In summary, in the data breach notification submitted by the Board to the Board;
- The servers of the data controller are encrypted as a result of the cyber attack,
- The violation took place on 19.05.2023 and was detected on the same day,
- In addition to the cyber attack, Trabzonspor Commercial Products and Turizm İşletmeciliği Ticaret A.Ş, Trabzonspor Futbol İşletmeciliği Ticaret A.Ş., Trabzonspor Telekomünikasyon Danışmanlık ve Servis Hizmetleri Ticaret A.Ş., Bordeaux Mavi Futbol Yatirimlar Ticaret A.Ş., Trabzonspor Club Association, Trabzonspor Bordeaux. Mavi Enerji Elektrik Üretim A.Ş. was also affected,
- It is not possible to access the files held on the encrypted servers; for this reason, the number of persons and records affected by the violation could not be determined,
- The contact groups affected by the breach are employees, users, students and customers and potential customers,
- Identity, communication, personnel, customer transaction, finance, professional experience, marketing, audio-visual records and other data categories are affected by the breach,
- Relevant persons can obtain information about the data breach through the call center.
information is included.
Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 25.05.2023 and numbered 2023/918, it has been decided to announce the aforementioned data breach notifications on the Institution’s website.
It is announced to the public with respect.”
You can find the original text of the KVKK here.