Pharmaceuticals and health-focused AstraZeneca opened employee applications last week and was looking for new colleagues. A problem arising from the source codes of the website caused all the data of the applicants between certain dates to be accessible and leaked .
The company’s realization of the situation enabled the Personal Data Protection Authority to quickly take action. As a result of the investigations provided for a while, it was revealed how many application data were leaked and between what dates these leaks took place.
AstraZeneca Leaks Nearly 1,000 Application Information
“In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible.” Acting on the law, AstraZeneca contacted the authorized institution directly and ensured that the process was carried out together.
The statement made by the Personal Data Protection Authority is as follows:
In summary, in the data breach notification submitted to the Board by AstraZeneca İlaç Sanayi ve Ticaret Limited Şirketi, which has the title of data controller;
- There has been a breach in the data processing system (Workday Limited), which enables employee candidates to apply for open positions in “AstraZeneca”,
- Due to the aforementioned situation, employee candidates who apply for a job between July 13, 2022 at 23:53 (Istanbul time) and July 14, 2022 at 05:32 and/or between 22:06 on July 20, 2022 and 23:15 on August 1, 2022, are subject to personal data. data becomes accessible for a short time,
- The violation was detected on 31 July 2022,
- The group of persons affected by the violation are employee candidates,
- An estimated 981 people were affected by the breach,
- Personal data affected by the breach; Country, name, e-mail, phone number, salary expectation, current salary information, previous employment relationship information with “AstraZeneca” if any, visa status, details of restrictive clauses regarding current or previous employer, in addition, employee Candidates can also voluntarily provide personal URL, work experience, education, language, abilities and CV data through the data processing system.
information is included.
Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 11.08.2022 and numbered 2022/831, it was decided to announce the data breach notification on the website of the Authority.
It is announced to the public with respect.”