Confirmed Data Breaches from Turkey and Thailand
10.04.2025

Today, we’re reporting on a list of new data-related incidents. The Turkish Personal Data Protection Authority (KVKK) has released details on three confirmed cases of data breaches that occurred in March, while Thailand Post has officially verified one of the largest data leaks in Thai history.

The Turkish data regulator, KVKK, had an intense March. It reported three incidents, which affected two educational organizations and a telecom operator.

Nevşehir Hacı Bektaş Veli University notified the KVKK about the exposure of personal records of its students and staff. Sensitive records were disclosed through the PingPong University Guide application. The mobile application used the information management system developed by Izmir Katip Çelebi University (IKÇU). IKÇU misconfigured data processing rules, and, as a result, personal records of Nevşehir Hacı Bektaş Veli University students and staff became accessible via other applications. The exact number of affected persons is unknown. According to the information from the official site, there are around 23,000 active students and employees.

The second incident affected Bilfen, a network of private schools. According to the official statement, criminals accessed XML files via an exposed URL within the internal system. According to preliminary information, the exposed data includes:

  • Names
  • Contacts
  • Photos
  • And students’ academic data.

The intruders got access to the sensitive records of 24,061 individuals. Bilfen students, their parents, and school personnel were affected by the data breach.

The investigation is still ongoing. Results will be published on the data regulator's and Bilfen's websites.

Last but not least, TurkNet, one of the biggest Turkish telecom providers, also fell victim to criminals. According to the investigation, 244,396 of the company's clients are affected by the data breach. The number may grow as additional details are discovered. According to preliminary information, the criminals gained access to sensitive information such as:

  • First name and surname
  • Phone number
  • Turkish ID number
  • Address
  • And other account data.

TurkNet made an official statement that the data breach didn't affect the company's services or their quality. The officials emphasized that financial records and account passwords weren't exposed. Later, TurkNet made an official statement that some identity information could have been disclosed.

The company representatives are working together with the Information and Communication Technologies Authority and the Personal Data Protection Authority to limit the effects of the data breach.

Another incident affected Thailand Post, which fell victim to a data breach. In its official statement, the government enterprise acknowledged unauthorized access to customers' records. The officials announced a tightening of security measures to ensure the safety of personal data.

According to rumors, criminals stole 19 million customer records and put the trove up for sale. The database includes personally identifiable information as well as postal service fields. Disclosed records include such data types as:

  • Full names
  • Contact information (phone, email)
  • ID numbers
  • Date of birth
  • And history of postal interactions.

Stolen records could be used by other threat actors to facilitate further attacks. Criminals can enhance the effectiveness of scam calls, phishing attacks, identity theft, financial fraud, and other types of social engineering attacks. Moreover, stolen data can compromise business and government communications. If verified, this incident will be among the largest data breaches in Thailand's history.

Ensuring reliable information protection requires two main components: implementing advanced protective systems and employing experienced information security officers. In the current circumstances, when there is a severe shortage of InfoSec professionals, managed security services can be a solution.


Managed Security Service (MSS) offers a comprehensive internal threat protection service tailored to the market requirements. MSS helps reduce expenses associated with purchasing hardware, software licenses, and hiring rare qualified specialists. At the same time, the Managed Security Service provides comprehensive data protection, regulatory compliance, and cutting-edge security practices.
