There has been an important development regarding AstraZeneca, which has been the subject of our news for a while with the COVID-19 vaccine it has developed. Authority for Personal Data (KVKK) in AstraZeneca’s statements, data leak reported to have taken place. Although AstraZeneca has not made a statement about this, according to KVKK, approximately 1000 people affected.
According to KVKK, the data breach at AstraZeneca is the company that collects job applications”Workday LimitedWith the attack they carried out, the hackers got to the data of the users registered in the Workday Limited system, such as country, name, email address, phone number, salary forecast and current salary information. on July 31, 2022 announced that it has been detected.
The description of KVKK is as follows:

“As is known, the Personal Data Protection Act No. 6698”Data Security ObligationsClause (5) of Article 12 entitled “In the event that the processed personal data is obtained by others illegally, the controller shall inform the person concerned and the Board of Directors as soon as possible. If necessary, the Board of Directors may report this on its website or in any other manner it deems appropriate. can declarehis statement.
filed with the board of directors by AstraZeneca İlaç Sanayi ve Ticaret Limited Şirketi, which holds the title of data controller. in a data breach notification summarized;
- Data Processor, which enables employee candidates to apply for open positions in “AstraZeneca”Workday Limited) system has been violated,
- To ensure that a candidate can submit an application without logging into their own account, Workday has a toolkit to track user session data. JavaScript variable usedwhere this variable is included in the HTML source, the value of the variable is displayed in the “browser” inspecting the HTML source for eg the external career siteView sourcebecomes visible to users with the function “,
- Due to the above situation, between July 13, 2022 at 11:53 PM (Istanbul time) to July 14, 2022 at 05:32 AM and/or between July 20, 2022 at 10:06 PM August 1, 2022 Personal data of candidate employees who apply for a position between 11:15 pm made available for a short time,
- your offense July 31, 2022 detected on the
- The group of people affected by the violation worker candidates is,
- of offense an estimated 981 people affected,
- Personal data affected by the breach; country, name, email, phone his numbersalary expectation, current salary information, if applicable, previous employment relationship information with “AstraZeneca”, visa status, details of the restrictive clauses related to current or previous employer, in addition, employee candidates can also voluntarily use their personal URL through the data processing system, work experience, education language, skills and resume data able to provide
information is included.
Although the investigation into this matter continues, with the Decree of the Personal Data Protection Board dated 11.08.2022 and numbered 2022/831, the aforementioned data breach notification was made on the Authority’s website. to be announced specifically.
It will be disclosed to the public with respect.”