Airline company Pegasus announced on May 31 that it detected a data breach. A notification was made to KVKK about the data breach, which was discovered after the news on 30 May.
Pegasus, one of Turkey’s largest airline companies, is today a member of the Personal Data Protection Authority. in a data breach notification found. The company, which has recently come to the fore with allegations of data breaches in the press, made a notification confirming the claims and shared the details of the breach and the affected people.
According to the statement made by Pegasus, the data breach was established for the purpose of making the flight plans of the flight crews and ensuring the necessary coordination. because the browser listing feature of the service is turned on took place. As a result of the violation, the personal information of the flight crew members was seized.
The data breach was detected on May 31 following the news:
According to the announcement, the system vulnerability that caused the data breach was detected on March 21, 2022. It was shared that the ‘Browser listening (browser listing)’ feature was turned off on March 24, and the vulnerability was fixed. The data breach was detected on May 31, 2022.It was shared that self-introductory texts were published by people who made unauthorized access on the subject on social media accounts and some websites.
Communicating with third-party persons who provide unauthorized access to data upon their sharing, and prompt destruction of data is requested. announced. While the number of people affected by the data breach is not disclosed and it is stated that the studies are ongoing, the captured data of the flight crew members affected by the breach were shared as follows:
- Name and surname information,
- Phone number
- E-mail address
- title
- Flight information they have made in the past
- Photographs and signature images of some of the employees