Akbank Personal Data Protection Authority KVKK’by applying to a large number of people due to a project code prepared to be used in account opening transactions. customer information breach announced it happened.
KVKK made the following statement on the subject:
‘As it is known, paragraph (5) of Article 12 of the Law on Protection of Personal Data No. 6698 titled “Obligations regarding data security” states, “In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.” its ruling.
Having the title of data controller, Akbank TAŞ. In summary, in the data breach notification submitted by the Board to the Board;
your violation; During the writing of the code of a project created for the account opening transactions of the data controller legal entity customers, the e-mail address variable should be written dynamically, but as a result of static writing,
Electronic passbooks belonging to some customers whose accounts were opened between 27.08.2022 and 18.10.2022 were sent to 20 legal entity customers (in different numbers for each), who are also Bank customers by mistake, instead of these customers,
5,847 bank customers were affected by the breach,
Personal data affected by the breach; within the categories of identity, customer transaction and finance; name and surname, TR identity number, customer number, tax office, individual banking service contract number and date, account number, branch name, foreign currency code, IBAN, product name, interest rate, opening and due date and account opening amount information,
Relevant persons affected by the violation can obtain information from the akbank.com website and 4442525 telephone number.
information is included.
Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 22.03.2023 and numbered 2023/463, it has been decided to announce the aforementioned data breach notification on the Institution’s website.’