The Personal Data Protection Authority (KVKK) announced that the giant pharmaceutical company AstraZeneca was hacked. In the statement, it was stated that approximately 1000 AstraZeneca employee candidates were affected by this attack.
There has been an important development regarding AstraZeneca, which has been the subject of our news for a while with the COVID-19 vaccine it developed. Personal Data Protection Authority (KVKK) in the statements made by AstraZeneca, data breach reported to have occurred. While AstraZeneca has not made a statement on the subject, according to KVKK, approximately 1000 people affected.
According to KVKK, the data breach at AstraZeneca is the company that collects job applications “Workday LimitedWith the attack they carried out, the hackers reached the data of the users registered in the Workday Limited system, such as the country, name, e-mail, phone number, salary expectation and current salary information. on 31st July 2022 announced that it was detected.
The description of KVKK is as follows:
“As it is known, the Law on the Protection of Personal Data No. 6698”Obligations regarding data securityClause (5) of article 12 titled “In case the processed personal data is obtained by others through illegal means, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may report this situation on its website or by any other method it deems appropriate. can declare” its ruling.
submitted to the Board by AstraZeneca İlaç Sanayi ve Ticaret Limited Şirketi, which has the title of data controller. in a data breach notification in summary;
- Data processor, which enables employee candidates to apply for open positions in “AstraZeneca”Workday Limited) system is violated,
- In order for a candidate to submit a job application without logging into their own account, Workday has a toolkit to track user session data. JavaScript variable useswhere this variable is included in the HTML source, the value of the variable is displayed in the “browser” that inspects the HTML source for the external career site, for exampleView Sourcebecomes visible to users using the ” feature,
- Due to the aforementioned situation, between July 13, 2022 at 23:53 (Istanbul time) to July 14, 2022 at 05:32 and/or between July 20, 2022 at 22:06 August 1, 2022 Personal data of employee candidates who apply for a job between 23:15 made available for a short time,
- your violation 31 July 2022 detected on the
- The group of people affected by the violation worker candidates is,
- from violation estimated 981 people affected,
- Personal data affected by the breach; country, name, email, telephone its numbersalary expectation, current salary information, if any, previous employment relationship information with “AstraZeneca”, visa status, details of the restrictive clauses related to current or previous employer, in addition, employee candidates can also voluntarily use their personal URL through the data processing system. work experience, education, language, skills and resume data able to provide
information is included.
Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 11.08.2022 and numbered 2022/831, the aforementioned data breach notification is posted on the Institution’s website. to be announced decided.
It is announced to the public with respect.”
Source :
https://www.kvkk.gov.tr/Icerik/7425/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-AstraZeneca-Ilac-San-ve-Tic-Ltd-Sti-