A Company Leaks All Data of Employee Applications

A Company Leaks All Data of Employee Applications
A Company Leaks All Data of Employee Applications

Pharmaceuticals and health-focused AstraZeneca opened employee applications last week and was looking for new colleagues. A problem arising from the source codes of the website caused all the data of the applicants between certain dates to be accessible and leaked .

The company’s realization of the situation enabled the Personal Data Protection Authority to quickly take action. As a result of the investigations provided for a while, it was revealed how many application data were leaked and between what dates these leaks took place.


A Company Leaks All Data of Employee Applications

AstraZeneca Leaks Nearly 1,000 Application Information


“In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible.” Acting on the law, AstraZeneca contacted the authorized institution directly and ensured that the process was carried out together.

The statement made by the Personal Data Protection Authority is as follows:

In summary, in the data breach notification submitted to the Board by AstraZeneca İlaç Sanayi ve Ticaret Limited Şirketi, which has the title of data controller;

  • There has been a breach in the data processing system (Workday Limited), which enables employee candidates to apply for open positions in “AstraZeneca”,
  • In order for a candidate to submit a job application without logging into their own account, Workday uses a JavaScript variable to track data about the user session, this variable is included in the HTML source, the value of the variable examines the HTML source for the external career site, for example the browser’s “View Source” feature become visible to users who use it,
  • Due to the aforementioned situation, employee candidates who apply for a job between July 13, 2022 at 23:53 (Istanbul time) and July 14, 2022 at 05:32 and/or between 22:06 on July 20, 2022 and 23:15 on August 1, 2022, are subject to personal data. data becomes accessible for a short time,
  • The violation was detected on 31 July 2022,
  • The group of persons affected by the violation are employee candidates,
  • An estimated 981 people were affected by the breach,
  • Personal data affected by the breach; Country, name, e-mail, phone number, salary expectation, current salary information, previous employment relationship information with “AstraZeneca” if any, visa status, details of restrictive clauses regarding current or previous employer, in addition, employee Candidates can also voluntarily provide personal URL, work experience, education, language, abilities and CV data through the data processing system.

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 11.08.2022 and numbered 2022/831, it was decided to announce the data breach notification on the website of the Authority.

It is announced to the public with respect.”


You may also like

Comments are closed.

More in:Internet