Blogs

The biggest data breach in Turkish history

By EDRi · April 20, 2016

About 50 million personal records of Turkish citizens have been made publicly available in a searchable database on the internet. Ironically, although the site that holds the database is open to the entire world, it is one of the 110,000 sites blocked by Turkish government and can only be accessed from Turkey via a virtual private network (VPN). The database contains personal information such as names, citizenship numbers, parent names and addresses of 49,611,709 citizens. This huge number involved makes the breach the most serious in Turkish history. By comparison: the Office of Personnel Management leak in April 2015 involved the personal records of 22 million public servants in the US.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

Contrary to the reports in the international media, the leak does not seem to be recent, but what is new is, that the data is now available on the net. In Turkey, citizenship data has been available on the black market for years. It was mainly sold to solicitors and cargo companies which need accurate addresses of individuals. Several people were taken into custody for obtaining the data on 27 July 2010 and twelve of them were later sentenced.

The version available on the internet seems to be related to the 2009 elections, as it contains data on citizens that were over 18 years of age at that time. The government was quick to blame the largest opposition party (CHP) and its arch-rival Fethullah Gülen, a US-based cleric for leaking the database at the same time. It is currently considering not to give electorate data to the parties in future elections. The opposition party responded that this was nonsense and it was only one of the 30 parties that received the database. According to CHP, this accusation is an indication of the intention of further fraud by the ruling party AKP by keeping information from them.

As a potential ticking bomb, all health records such as doctor visits, treatments, health tests and medicine prescribed for all citizens are also kept in a central database in Turkey. This is permitted by the new Data Protection Law and any similar breach of that database will have even more serious consequences in future.

Personal data of 50 million Turkish citizens, incl Erdogan’s reportedly leaked online (04.04.2016)
https://www.rt.com/news/338409-personal-data-turkey-leaked/

Personal details of 50 million Turkish citizens leaked online, hackers claim (04.04.2016)
http://www.telegraph.co.uk/news/2016/04/04/personal-details-of-50-million-turkish-citizens-leaked-online-ha/

Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens (05.04.2016)
http://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/

Correction: Turkey-Data Leak story (06.04.2016)
http://bigstory.ap.org/article/0d88b2c4311a464587a485ad56ac986e/data-nearly-50-million-turks-allegedly-leaked-online

Turkey launches inquiry into leak of 50 million citizens’ data (04.06.2016)
http://www.reuters.com/article/us-turkey-cyber-idUSKCN0X31ZK

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner