In this weekly digest, we will look at two different incidents. They have something in common—both of them could be put in an information security textbook. Wrong addressee for email and gap in cloud storage security rules. At the same time, Turkey raised fines for data protection for 2025.
A data leak happened in Singapore on the 22nd of January. According to the statement, the incident was facilitated by a “technical issue.”. As a result, personal data of 3 320 persons was sent to unintended recipients.
The Council for Estate Agencies notified the state regulator about the incident as soon as it was discovered. The leaked information contained names and NRIC numbers, National Registration Identity Cards. A trove of data was formed from the lists of persons who registered for two real estate events. However, leaked data didn’t include contact information such as phone numbers or email addresses.
According to the result of the preliminary investigation, that incident was caused by the IT system’s technical issue. Thus, personal data was sent to unintended recipients.
To sum up, this incident is a golden classic of data leaks. Such disclosures of private information can be caused by simple human error or isolated technical malfunction. However, modern protective solutions are able to mitigate this everlasting threat. For example, DLP systems can ensure secure transmission of data, both within the company perimeter and outside it. The system can prevent the suspicious operation of data transferring if it violates security policies established in the organization. Thus, transfers of personal data are regulated by the specific security policy—for example, sending personally identifiable information can be allowed only for a list of specified users. This will help to prevent both accidental and deliberate cases of confidential data sending to unverified/unapproved recipients. This approach has to be the golden standard for any entity that operates personal data.
Another data leak affected the entire population of Georgia. A cybersecurity research team discovered an unprotected Elasticsearch index. Reported server contained two unsecured databases. One database had around 5 million records; the second contained 7 million. The size of the leak is highlighted by the fact that the whole population of Georgia is 3.7 million people.
The German-based cloud server was shut down not long after the news came public. According to the statement by the research team, databases included such sensitive information as:
Part of the data seems to be linked to the leak from 2020. Thus, current databases were combined with additional sources of data such as citizen phone numbers and identifiers, and information about car owners. Despite the fact that the current database exceeds the number of citizens, it still can be used by criminals for potential identity theft and fraud activities.
This incident also is a reminder that a simple mistake in access rights management can potentially lead to huge and severe consequences. Data processing bodies have to be vigilant and maintain a comprehensive security posture 24/7/365.
At the same time, Turkey announced new administrative fines under the Turkish Data Protection Law. Data leaks are not rare events. Small and medium businesses are affected by data breaches, as well as large enterprises. Thus, state regulators pay close attention to the data protection legislation and measures. The more data is important, the bigger the fines are.
The Turkish Personal Data Protection Authority (KVKK) announced updates to fines for 2025. The fines increased by 44%. The administrative fines are:
Thus, maintaining robust data security is not an optional measure but a compulsory part of business processes. It provides protection of personal and confidential information, commercial documents, and sensitive data for business and state bodies. Thus, data security prevents financial losses and legal consequences of data incidents.
As you can see from discussed incidents, a lot of data leaks could be prevented by the use of data security solutions. Human error accounts for 74% of data breaches, with 56% resulting from simple unintentional errors and 26% from deliberate insider threats. You can avoid a huge part of potential incidents by the means of DLP systems such as our Risk Monitor. Risk Monitor is a next-gen system for the mitigation of all types of internal risks. AI-powered analytical features allow you to stay ahead of malicious actors. High customization and industry-specific pre-made settings will help you to comply with local legislation and industry-specific regulations.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!