[BreachExchange] Turkey: KVKK fines gaming company TRY 1, 100, 000 for breach notification violations

Destry Winant destry at riskbasedsecurity.com
Tue Jun 30 10:18:05 EDT 2020


The Personal Data Protection Authority ('KVKK') published, on 23 June 2020,
its decision ('the Decision') of 16 April 2020, fining a gaming company a
total of TRY 1,100,000 (approx. €142,980) for data breach notification
violations. In particular, the Decision concerns a data breach suffered by
the gaming company in which hackers were able to gain access to the
company’s player data affecting 39,995 individuals in Turkey. Specifically,
the Decision highlights that the company was fined 1,000,000 TRY (approx.
€129,980) for violations of Article 12 of the Law on Protection of Personal
Data No.6698 ('the Law') and not having taken the necessary technical and
administrative measures to ensure the appropriate level of security.
Furthermore, the Decision notes that the gaming company was fined an
additional TRY 100,000 (approx. €13,000) for failures to report the breach
within the 72-hour period required.

You can read the Decision, only available in Turkish, here
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20200630/d66cdf61/attachment.html>

More information about the BreachExchange mailing list