Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Turkey to Probe Massive ‘Personal Data Leak’

Turkey’s authorities launched a probe Wednesday into a leak of the personal data of some 50 million Turkish citizens, the latest breach to expose weaknesses in the country’s information security.

Turkey’s authorities launched a probe Wednesday into a leak of the personal data of some 50 million Turkish citizens, the latest breach to expose weaknesses in the country’s information security.

The massive database — containing Turks’ names, identity numbers and addresses — was posted online by hackers earlier this week along with sharp jabs at the country’s leadership.

Ankara federal prosecutors have opened an investigation into the data spill which risks exposing most of Turkey’s 78 million Turkish citizens to identity theft and fraud, Turkish media reports said.

Transport and Communications Minister Binali Yildirim initially brushed off the leak as an “old story” but on Wednesday confirmed the security breach, saying “we now know who leaked it”.

“The data that was given to political parties for elections in 2009 and afterwards has been leaked,” he said.

Yildirim suggested the breach had been the work of “the parallel structure” – a phrase used to describe a network run by President Recep Tayyip Erdogan’s arch-foe, the US-based cleric Fethullah Gulen.

Gulen is often accused of running a parallel state aimed at usurping Erdogan and his supporters are a favored target of government.

“In line with the law, additional measures are being taken as regards the access of personal information,” Yildirim said, warning of “serious prison terms” for those who divulged confidential data.

Justice Minister Bekir Bozdag said the investigation would focus on “where this was leaked from, finding out how it was leaked.”

‘It is a trap’

Local media said the site where the data was posted appeared to be hosted by an Icelandic group that specializes in divulging leaks, using servers in Romania.

An online statement was posted by the hackers under the headline “Turkish Citizenship Database”, pointing out weaknesses in the country’s protection of data in a section called “lessons to learn for Turkey”.

It offered a hint of what the database contains, providing the personal data of Erdogan, Prime Minister Ahmet Davutoglu and former president Abdullah Gul.

“Putting a hardcoded password on the UI (User Interface) hardly does anything for security. Do something about Erdogan! He is destroying your country beyond recognition.”

“Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?” said the statement.

Several Turks on social media reported finding their details in the database, but the communications minister Yildirim advised citizens not to expose themselves further by digging around in the file.

“Don’t go there, it is a trap. They want to get more data that belongs to you,” he said.

Davutoglu, on a visit to Finland, said authorities would “take the necessary measures to protect personal data”.

“I read that my personal address appeared. If someone wanted my address they only needed to ask,” he said.

Turkey has been working on a new data protection law for over a decade, a step that is crucial as part of the process of accession to the European Union.

The latest version of the draft law was presented to parliament in January and the communications minister said it would come into force imminently.

“People who do things like this will have to give account for what they have done. Previously, there was no legal framework. With the president’s approval it will come into force soon,” Yildirim said.

The US has also been exposed to massive data leaks, with hackers gaining access to some 20 million personnel records for US government employees and contractors last year.

Turkey was also targeted by hacktivist group Anonymous in December with a massive cyber-attack and threats of continued attacks against a country it said was “supporting the Islamic State by buying their oil and tending to their injured fighters.”

Turkey has always vehemently denied accusations of giving Islamist rebels in Syria moral or material backing.

Related: Security Gaps Exist US Passport, Visa Database

Related: 50 million PII Records of Turkish Citizens Posted Online

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.