Recently, large companies have been shaken by the news of data leaks. Many companies announced that as a result of the attacks, the data of their users reached third parties. The last company affected by this situation was Boyner. A statement came from the company about the data leak.
Boyner announced that the contact information of its customers was leaked
Boyner stated in his statement that there was a data security breach, and that the phone numbers of its users and customer transaction data were leaked. BOYNER, who detected that SMS was sent to some customers without the knowledge of the company on May 6, published two different statements.
Stating that they continue to investigate when and how the data breach occurred, the company announced that some of its customers sent SMS between 28.04.2023 and 06.05.2023 without their knowledge. On the other hand, it is stated that some users are not affected by the situation for an unknown reason.
Statement on data leak news from Getir!
After the allegations that the data of 100 million users were leaked, Getir made a statement on the subject.
A statement was made by the company on May 8 for its customers to whom SMS was sent as a result of the data breach. Today, a second statement was made for users who did not receive SMS as a result of the data leak. Statements made by the company are as follows:
INFORMATION – 1
Our valued customer,
Acting as a data controller, our company Boyner Büyük Mağazacılık A.Ş. (“Company”), a data security breach for personal data processed by (“Breach”), we would like to inform you in accordance with the Law on the Protection of Personal Data.
When did the violation occur?
On 06.05.2023 at 09:00, SMS messages with the following contents started to be sent to some of our customers on behalf of the YKM brand we own, without the knowledge and will of our Company:
- MediaMarkt 05.05 Special for Mother’s Day Mobile Phone Computer 30% Discount on Money Order on All Products. Click Now to Seize the Opportunity. www.mediammarkt.com
- Media Markt Mother’s Day Special Limited Number of 1000 Phone Pc Home Electronics Products, 30% Discount, Valid for 1 Hour Remittance; mediammarkt.com
- Media Markt Mother’s Day Special Limited Edition 1000 pcs. 30% Discount on Phone, Pc, Home Electronics Products, Valid for 1 Hour, Remittance www.mediammarkt.com
- Media Markt Mother’s Day Special Limited Number of 1000 Phone Pc Home Electronics Products, 30% Discount, Valid for 1 Hour Remittance;
- MediaMarkt Mother’s Day Special, Don’t Miss the 30% Discount on Mobile Phones and Home Electronics Transfers valid today… www.mediammarkt.com
(All together “Unauthorized SMS“)
Although our investigations regarding when and how the Violation took place are still continuing, according to the preliminary findings, the people who caused the Violation, to start on 28.04.2023 and end on 06.05.2023, to the SMS sending portal of the company from which our company receives SMS sending service. and access the personal data of some of our customers, including you, on this portal; It has been understood that some of our customers whose personal data they have accessed, including you, have sent the above-mentioned Unauthorized SMS.
Which of your personal data was affected by the breach?
At this stage, it has been understood that the confidentiality of your contact data (mobile phone number) and customer transaction data (which marketing SMS has been sent to you by our Company and whether these SMSs have reached you) from your personal data processed by our Company has been affected by the breach.
Any of your sensitive data has not been affected by the Breach.
What are the possible consequences of the violation? What can you do to prevent them?
At this stage, it has been determined that your mobile phone information affected by the breach was used for sending Unauthorized SMS.
www.mediammarkt.com, the website directed by the unauthorized SMS (“Fake SiteIt has been understood that it is not a site established for legitimate purposes, but a site that imitates www.mediamarkt.com.tr operating for legitimate purposes and was created for fraudulent purposes.
We would like to emphasize that, currently, the Fake Site has been listed as a Phishing site by the Information Technology Authority and has been closed to access.
With this:
- Your mobile phone number and/or –if you have shared your e-mail address by logging into the Fake Site– your email address can be used for other phishing attacks;
- If you made a payment by logging into the Fake Site, such payment may be an unfairly received payment from you as part of fraudulent activity;
- If you have shared your bank and credit card information, username and password you use on other websites or online services, or other personal data by logging into the Fake Site, this data may be used by third parties for malicious purposes.
In this context, in order to reduce the negative consequences of the Violation:
- You ignore the e-mails and SMS messages or calls made by people or institutions you do not know, or by people or institutions who suspect that they are imitating them;
- If you have made a payment by logging into the fake Site, you must apply to the Office of the Chief Public Prosecutor or law enforcement;
- If you have shared your bank and/or credit card information by logging into the fake Site, you must cancel this bank and/or credit card and contact your bank about transactions not made by you by checking the transactions made with this bank and/or credit card;
- If you have shared your username and password that you use on other websites or online services by logging into the Fake Site, we recommend that you immediately change your username and password you use for the relevant website and/or online services.
What are the measures we take as the Company to reduce the negative effects of the violation?
To mitigate the potential negative consequences of a violation upon understanding:
- All of our marketing SMS sending systems at the company from which our company receives SMS sending service are immediately closed to all entries.
- On the same day, at 21:39, by our Company through our YKM account, to which the Fake SMS was sent to you:
“The SMS that was sent to you today (06/05/2023) on behalf of YKM and started as “Mediamarkt (..)” was not sent to our company’s knowledge. Please ignore the content of this SMS, do not click on the link in the SMS. Do not share any of your personal data through the said website. Mersis: 0520004396300013 B016”
An informative SMS has been sent.
- Necessary notifications have been made to the cyber security company we work with.
- In addition, necessary studies have been initiated to make the necessary notifications to the Personal Data Protection Authority and to file a criminal complaint with the Office of the Chief Public Prosecutor, and these studies are continuing.
Currently, the Fake Site has been listed as a Phishing site by the Information Technology Authority and has been closed to access.
What are our contact addresses?
If you have any questions or experience a negative situation regarding the said Violation, you can immediately contact us via the contact addresses of our Company stated below.
| Our Call Center | : 444 2 967 |
| : “_[email protected]” | |
| Address | : Boyner Büyük Mağazacılık A.Ş. Buyukdere Cad. USO Center Building No:245/2 34396 Maslak, Sariyer/Istanbul |
INFORMATION – 2
Our valued customer,
Acting as a data controller, our company Boyner Büyük Mağazacılık A.Ş. (“Company”), a data security breach for personal data processed by (“BreachIn addition to the notification we made on 08.05.2023 (https://kurumsal.boyner.com.tr/duyuru-1) pursuant to the Personal Data Protection Law, we would like to provide additional information to our customers who were affected by the data breach but did not receive SMS.
When did the violation occur?
Within the scope of our ongoing investigations regarding when and how the Violation occurred, the persons who caused the Violation are sent to the SMS sending portal of the company from which our company receives SMS sending service, starting on 28.04.2023 and ending on 06.05.2023, and your address on this portal. It has been understood that some of our customers, including you, have access to personal data.
Although SMSs were sent to some of our customers on 06.05.2023, on behalf of the YKM brand, without the knowledge and will of our Company, it was determined that although the personal data of some of our customers, including you, were accessed, they could not be sent.
Which of your personal data was affected by the breach?
At this stage, it has been understood that the confidentiality of your contact data (mobile phone number) and customer transaction data (which marketing SMS has been sent to you by our Company and whether these SMSs have reached you) from your personal data processed by our Company has been affected by the breach.
Any of your sensitive data has not been affected by the Breach.
What are the possible consequences of the violation? What can you do to prevent them?
Your mobile phone number information from your personal data affected by the Breach can be used by the people who committed the Breach to carry out phishing attacks against you.
In order to avoid any negative consequences due to the violation, you should ignore the SMS sent or the calls made by people or institutions you do not know, or by persons or institutions who suspect that they are imitating them, and if there is any web page link in these SMSs. We recommend that you do not click on web page links that you are not sure of.
What are the measures we take to reduce the negative effects of the violation?
To mitigate the potential negative consequences of a violation upon understanding:
- All of our marketing SMS sending systems at the company from which our company receives SMS sending service are immediately closed to all entries.
- Necessary notifications have been made to the cyber security company we work with.
- In addition, necessary studies have been initiated to make the necessary notifications to the Personal Data Protection Authority and to file a criminal complaint with the Office of the Chief Public Prosecutor, and these studies are continuing.
What are our contact addresses?
If you have any questions or experience a negative situation regarding the said Violation, you can immediately contact us via the contact addresses of our Company stated below.
| Our Call Center | :444 2 967 |
| : “[email protected]” | |
| Address | :Boyner Büyük Mağazacılık A.Ş. Buyukdere Cad. USO Center Building No:245/2 34396 Maslak, Sariyer/Istanbul |
Recently, many companies have been dealing with data leak issues. The final target of the attacks seems to have been Boyner. We recommend our readers to pay attention to incoming SMS and e-mails on days when such events start to happen frequently. So what do you think about this subject? You can share your views with us in the comments section.