After a database allegedly containing the personal identities of nearly 50 million citizens emerged online, Turkish authorities assuaged the public concerns while prosecutors launched an investigation into the incident.
A trove of data apparently lifted from the hacked database of a state agency issuing identity cards appeared on a website run by hackers of unknown origin. The data includes exclusive ID numbers for each individual and may be used for online banking, along with the addresses of millions of people including the president and prime minister.
Prosecutors in the capital, Ankara, launched an investigation into the data leak while Interior Minister Efkan Ala said the data was actually first leaked in 2009 and it did not contain verified information. "We don't have any leaks [reported] from MERNİS, so our citizens should remain assured," Ala said, referring to the main database containing the identity data of all citizens.
Justice Minister Bekir Bozdağ said the number of leaked IDs is close to the number of registered voters. "The Supreme Election Board is also in possession of identity data and it shares it with political parties," he said, implying that a political party or members of a party might be associated with the leak. "It is a matter that should be investigated, and I believe prosecutors will conduct a comprehensive inquiry," he told reporters yesterday. Bozdağ stressed that the government already passed a personal data protection bill and it is awaiting the president's approval. "This bill defines what constitutes a violation of protection of personal information, and citizens were given extra rights to find out if their data is safe. It offers strong defense for data protection," he said.
Prosecutors will now look into the leak, which constitutes a crime under the Penal Code defined as the illegal obtainment and publication of data. The leak also violates anti-hacking laws. Media outlets said prosecutors would first contact the Supreme Election Board to investigate the possible data leak by a political party.
The unlawful release of such data carries a minimum prison sentence of two years, and that sentence increases if the perpetrator is a civil servant. Hacking into a computer system also carries a prison term up to one year in addition to fines.
Last year, Turkey saw a series of cyberattacks for roughly two weeks in a coordinated assault by hackers. The attacks, one of the worst in the country's history, led to crashes and temporary disruption of government websites as well as online banking services. Internet experts said it was not clear who was behind the attacks, but local media reports suggested that a flood of traffic on Turkish Internet servers – which contain more than 300,000 websites -- could have originated from Russia. They cited Turkey's soured relations with Moscow following the Russian military jet-downing incident last November as a possible reason.
Hackers have posted a database online that seems to contain the personal information of nearly 50 million Turkish citizens in what is one of the largest public leaks of its kind.
The leaked database contains 49,611,709 entries and divulged considerable private information, putting people at risk of identity theft and fraud. Entries include data such as national ID numbers, addresses, birthdates and parents' names.
The site appears to be hosted by an Icelandic group that specializes in divulging leaks, using servers in Romania. In an era where hackers frequently gain access to sensitive information, the Turkish government is not alone in facing a major breach.
Among the most serious recent incidents, the U.S. government's Office of Personnel Management revealed in April 2015 that hackers gained access to the personal information of more than 22 million U.S. federal employees, retirees, contractors and others, and millions of sensitive and classified documents.