The Turkish Data Protection Agency (KVKK) has reported a data breach at Hotiç Ayakkabı San. ve Tic. A.Ş. Hotiç Ayakkabı used the services of a processor — a provider of a consent management platform for sending SMS and emails. On 6 June 2023, unauthorised individuals attempted to log into an account on this platform and gained access to customers’ phone numbers. As a result, they sent text messages with a phishing attempt to the relevant individuals. Hotiç Ayakkabı became aware of the breach thanks to its employees, who also received the messages.
The breach affected 1,926,889 individuals and records, and the compromised data was customer phone numbers.