Łódź, 28 March 2025
Dear Sir or Madam,
WITKO Sp. z o.o. with its registered office in Łódź, fulfilling its obligations as a data controller within the meaning of Article 4 paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereby informs that on 19.03.2025, our company fell victim to a hacker attack (phishing), which led to a breach of personal data protection by reading and downloading the e-mail of one of our employees. The breach may have concerned your personal data.
This event led to the loss of availability and also confidentiality of personal data, including that of customers, contractors and employees of WITKO Sp. z o.o.
What actions were taken in connection with the incident?
Immediately after the security incident was detected, the necessary actions were taken to prevent further breaches of personal data; in particular, control over the intercepted email was regained, and the President of the Polish Personal Data Protection Office was notified.
WITKO Sp. z o.o. makes every effort to minimize the effects of the attack and restore full functionality of IT systems in the shortest possible time.
What personal data was subject to the breach?
The attack resulted in a breach of the availability and confidentiality of your personal data, which may include:
- contact details (e-mail address, phone number);
- name and surname;
- place of employment and job title.
Who can you contact regarding a breach of personal data protection?
If you have any questions regarding the breach, you can contact WITKO Sp. z o.o. by sending an e-mail inquiry to the following address: daneosobowe@witko.com.pl
What are the potential consequences of a breach of personal data protection?
The consequences of a breach of your personal data may be:
- processing of personal data for marketing purposes without prior consent (in the case of traditional marketing, i.e. sending marketing content to the employment address);
- publication or disclosure of personal data, which may violate your personal rights;
- threat of harassment or blackmail using the disclosed data;
- exposure to increased phishing attacks aimed at obtaining personal data;
- setting up an online account using personal data (e.g. on social networking sites);
- use of personal data by third parties to conceal their identity (e.g. when receiving fines).
What can you do to minimize the negative effects of the breach?
In order to minimize the potential negative effects of the incident, we recommend:
- enabling additional security on services that allow two-step verification;
- paying special attention to attempts to log into accounts and checking alerts sent to the email address;
- being careful when using social media, especially when receiving private messages containing links;
- if you notice someone impersonating you, notify law enforcement agencies of the possibility of a crime being committed;
- if you notice a violation of your personal rights through the use of personal data that was covered by this violation, we recommend using the personal rights protection measures specified in the provisions of the Civil Code.
Taking these actions should minimize the negative effects of the breach and protect personal data from misuse.