Cyber Incident Victim: MNG Kargo
Date: Aug 2021
Location: Turkey
Summary
A Turkish transportation company, MNG Kargo, experienced a cyberattack compromising corporate customer accounts through stolen credentials, leading to unauthorized access to recipient information including names, addresses, and phone numbers. The breach was detected several days after its initiation, with the firm asserting no inherent system vulnerabilities while attributing the incident to hijacked corporate accounts; it notified national data protection authorities but could not confirm the total number of affected individuals.
Description
On August 23, 2021, MNG Kargo, a major Turkish cargo and logistics company, publicly disclosed a cybersecurity incident affecting its corporate customers. The breach originated on August 15 when attackers obtained corporate customer account credentials—specifically usernames and passwords—which enabled unauthorized access to the company's systems. This access led to the exfiltration of personal data belonging to cargo recipients, including full names, addresses, and telephone numbers. MNG Kargo emphasized its internal systems contained no technical vulnerabilities, attributing the breach solely to compromised customer account credentials rather than infrastructure weaknesses. The company detected the intrusion eight days after its initiation but did not specify the methods used for detection or whether external cybersecurity firms assisted in the investigation.

The incident impacted an undetermined number of individuals whose data was exposed through compromised corporate accounts. MNG Kargo formally notified Turkey’s Personal Data Protection Authority (KVKK) of the breach, fulfilling its regulatory obligations, but did not disclose whether affected individuals received direct notifications. No ransomware deployment, financial theft, or operational disruption was reported, with the attack’s consequences limited to data theft. The company’s public statement focused on the absence of systemic flaws while omitting details about containment measures, forensic investigations, or post-incident security enhancements. The stolen recipient information posed risks of phishing and social engineering attacks against affected parties, though no secondary incidents were documented in the available reporting.
