ING Türkiye

ING Bank notified the DPA that personal data of almost 20 thousand people were unlawfully transmitted to third parties.

It was found that the breach was caused by one if its -now former- employees who accessed unauthorizedly to certain databases of Risk Center of the Banks Association of Turkey.

The employee then transmitted the obtained data unlawfully to third parties, which proves that information security does not always depend on the cyber security that prevents malicious cyber-attacks of third parties.

The information compromised may include personal data belonging to mostly other banks' customers.

Source: https://www.mondaq.com/turkey/data-protection/787246/turkish-data-protection-authority-announced-data-leakage-of-a-dutch-bank-revealing-the-importance-of-effective-information-security

"id": "ING32212323",
"linkid": "ing-turkiye",
"type": "Breach",
"date": "03/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"