Speaking in Şanlıurfa on Monday following the government launching an investigation into the online leak of a database allegedly containing the personal information of nearly 50 million citizens, Prime Minister Ahmet Davutoğlu claimed the Republican People's Party's (CHP) İzmir provincial organization had leaked the personal data. Explaining that the matter was comprehensively discussed at the Cabinet meeting in Şanlıurfa on Monday, Davutoğlu said that he has been provided with detailed information on the MERNİS system, which is a database containing the identity data of all citizens, and that the government has no security issues related to it.
A collection of data apparently lifted from the hacked database of a state agency issuing identity cards appeared on a website run by hackers of unknown origin. The data includes ID numbers for each individual and may be used for online banking, along with the addresses of millions of people, including the president and prime minister.
Providing information on the latest findings regarding the leak on the Habertürk channel in Şanlıurfa, Davutoğlu said: "As mandatory by the law, the Supreme Election Board (YSK) gave the citizens' personal identification information to [CHP] headquarters as part of election campaigns prior to the 2009 elections. The party headquarters conveyed the obtained information to the İzmir provincial organization where it has been distributed from there on," and alleged: "Thus, it is currently a process that developed from a political party misusing a judicial matter." Saying that there was no security negligence by the government, Davutoğlu explained that the YSK had to provide the information to all political parties by law, and accused the CHP of misuse. He also said that the YSK only gives the information to the parties' headquarters, and it is not to be conveyed to any other organization or structure regardless of being affiliated with a party.
Prior to Davutoğlu's remarks, Interior Minister Efkan Ala had said that the data was first leaked in 2009 and it did not contain verified information. "We don't have any leaks [reported] from MERNİS, so our citizens should remain assured," Ala said. Additionally, Justice Minister Bekir Bozdağ said that the government already passed a personal data protection bill and it is awaiting the president's approval.
Hackers posted a database online that seems to contain the personal information of nearly 50 million Turkish citizens in what is one of the largest public leaks of its kind. The leaked database contains 49,611,709 entries and divulges a considerable amount of private information, putting people at risk of identity theft and fraud. Entries include data such as national ID numbers, addresses, birthdates and parents' names. The site appears to be hosted by an Icelandic group that specializes in divulging leaks and used servers in Romania. Prosecutors are currently looking into the leak, which constitutes a crime under the Penal Code defined as the illegal obtainment and publication of data. The unlawful release of such data carries a minimum prison sentence of two years, which increases if the perpetrator is a civil servant. Hacking a computer system also carries a prison term up to one year in addition to fines.