Turkiye: Issued data breach notification in Personal Data Protection Board investigation into Uber Technologies regarding possible data breach

On 10 July 2024, the Personal Data Protection Board (KVKK) issued a data breach notification to the public about a potential data breach at Uber Technologies. The investigation began after Uber Technologies notified KVKK in compliance with Article 12, Paragraph 5 of the Personal Data Protection Law No. 6698. On 2 July 2024, Uber received an email from an individual indicating an intention to disclose personal data possibly originating from Uber. The breach's timing and source are still under investigation. The breach has potentially affected Uber users (passengers and food orders) as well as drivers and delivery persons. Screenshots are believed to include personal details such as names, email addresses, phone numbers, profile pictures, registration dates, and ratings for users, as well as driver's licenses, insurance, identity cards, and vehicle registration for drivers and delivery persons. The exact data affected and the number of impacted individuals remain undetermined.