On March 4, the Turkish Personal Data Protection Authority (KVKK) published a notification regarding a data breach incident at Garanti Finansal Kiralama A.Ş. According to the report, the leasing company's information systems experienced an unauthorized data transfer. The regulator classified the incident as an insider leak caused by an employee's actions.

What Happened?

On December 22, 2025, the company's Data Loss Prevention (DLP) system blocked an employee's attempt to send documents containing client data to their personal email address. A subsequent investigation, launched due to suspicions that other attempts might have been successful, revealed that the employee had repeatedly forwarded confidential information from their corporate email to their personal account.

What Data Was Compromised?

The breach exposed a wide range of information, including:

• Identification Information (company title and customer number);
• Contact & Location Information (district of residence, assigned branch);
• Financial Information (total transaction volume, maximum risk amount, debt and credit score, payment methods etc.);
• Transaction & Contract Information (type of equipment, intended use of the equipment, and the information about active contracts);
• Business & Profile Information (partnership details, the company's opinion about the customer, and other financial institutions the customer works with).

Preliminary analysis indicates that the incident affected 5,664 data subjects.

Effective Protection Against Insider Threats

Insider threats remain one of the most significant challenges for information security teams, particularly in the financial sector. The foundational element for mitigating these internal risks is a DLP system. It's crucial to highlight two critical capabilities of a modern DLP solution that must work in tandem.

The first is comprehensive channel coverage. In this case, the employee used email, but malicious actors are increasingly leveraging a wider, less obvious array of channels and tools. This is why organizations need DLP solutions capable of monitoring and preventing leaks across the broadest possible spectrum of vectors. Sending data to a personal email is just one of many methods for moving information outside the corporate perimeter. Next-gen DLP from SearchInform, for instance, monitors data transfer not only via email but also through cloud storage, messaging apps, removable media, printing devices, and even HTTP traffic.

The second is preventive control and in-depth investigation. Modern systems provide a complete picture of user activity, enabling the detection of suspicious and potentially dangerous behavior on corporate workstations and the collection of detailed evidence. This approach makes it possible to stop a leak at the preparation stage, before any data actually leaves the company's perimeter. Furthermore, such systems allow for retrospective investigations, uncovering instances of corporate fraud and enabling timely intervention to prevent security incidents.

The SearchInform Next-gen DLP solution is built on a comprehensive approach that combines extensive analysis of on-device activity with control over all information transmission channels. This allows for a complete understanding of a potential incident before it materializes. The system is designed to prevent data leaks rather than just managing their aftermath, thereby minimizing both reputational and financial damage to the business, and mitigating a wide range of internal risks – from theft and moonlighting to document forgery and systematic idleness.