In this overview you’ll find details on the following incidents: two Turkish universities experienced personal data breach, while energy holding lost its data; personal details and information about legal bodies was exposed as a result of data leak in Brazil.

A data breach occurred at Trabzon University in January 2025. The Turkish Personal Data Protection Authority (KVKK) announced that personal data of 25 237 persons was exposed. Information about the university’s staff and students was leaked. According to the official statement, malicious actors obtained such sensitive data as:

• Personal identity (name and surname, ID number, date and place of birth, mother’s and father’s name)
• Contact information (email address, work, and mobile phone number)
• Internal university documents.

On the 20th of January, Afyon Kocatepe University also fell victim of the data breach. Criminals got access to the university’s distance education system. As a result, more than 26 000 persons were affected by the data leak. KVKK released the statement about the incident. According to the official information, intruders used stolen credentials to access the university’s distance education system. Sensitive data on students, university employees, and customers was leaked. KVKK announced that malicious actors compromised the following data:

• National ID numbers
• University’s registration number
• Email addresses of students
• Educational video and audio files for distance education.

It was the second data-related incident in the Turkish educational sphere in a short time.

Another incident in Turkey affected the business entity. Criminals targeted Karadeniz Holding in December 2024. The data breach was detected during a routine security check. KVKK announced an ongoing investigation of the incident. Detailed information about the volume of the leak, nature and categories of stolen data, as well as the number of affected people or legal entities isn’t determined yet.

Another major incident happened in Brazil. The cyberattack affected Comunicação de Acidente de Trabalho (CAT) system, part of the Brazilian National Institute of Social Security. Malicious actors successfully infiltrated the CAT’s databases. As a result, 39 million unique records were exposed and put on sale.

 Presumably, the malicious actors got access to such sensitive data as:

• Name
• Contact information (phone number and email)
• Employer information (name and phone number)
• Internal CAT’s data.

CAT is a report service used to notify government about work-related incidents. Under Brazil’s General Data Protection Law (LGPD) failure to comply this security guidelines can lead to major penalties - legal bodies can face fines of up to 2% of revenue, warning or suspension of data processing activities.

Cyber security threats endanger both governmental bodies and private legal entities. Data breaches are among most severe and destructive ones. Direct expenses caused by a breach, including financial and reputational ones affect organizations badly. Thus, protection of sensitive data is a top priority for any organization. Implementation of appropriate data protection solutions is among major steps to mitigate the risks, posed to valuable data. In order to prevent loss of sensitive data, exposure of trade secrets, loss of money; mitigate internal threats and avoid incompliance comprehensive protective system is required. Risk Monitor, the complex internal threat protection system is the reliable assistant in ensuring comprehensive protection, you may try it free of charge.