A cyber attacker hacked into the company’s system and captured 596,659 email addresses. The attackers sent a total of 1,986,293 emails to the unique email address.
Güneş Ekspres Havacılık A.Ş. (SunExpress) filed a data breach notification with the Personal Data Protection Authority (KVKK). The notification stated that a cyber attacker gained unauthorized access to the campaign management platform used by the data controller by obtaining the login information of an administrator account and sent phishing emails through this account.
In the statement, which stated that the violation occurred on 15.07.2024 and was detected on the same day, the following views were included:
”It was determined that the cyber attacker sent a total of 1,986,293 e-mails to 596,659 unique e-mail addresses.
It was determined that the relevant person groups affected by the breach were employees, customers and potential customers. It was determined that the personal data category affected by the breach was contact (e-mail) information, and that of the 596,659 e-mail addresses to which the cyber attacker sent e-mails, 86 belonged to employees (current and former) and 249,668 belonged to customers.
It was determined that the source of 346,905 e-mail addresses was unknown and were e-mail addresses uploaded to the system by the cyber attacker during the attack. The relevant persons will be able to obtain information about the data breach through the form on the data controller’s website (https://www.sunexpress.com/tr-tr/verilerin-korunmasi/).”
