Reuters – Turkey launches inquiry into leak of 50 million citizens’ data

ISTANBUL (Reuters) – Turkey is investigating how hackers have posted online the identity data of some 50 million Turks, including what they said were details about the president and prime minister, after what is believed to be the biggest data breach seen in the country.

While no group has taken credit for uploading the data to a website called the Turkish Citizenship Database, the comments posted suggest Turkey may be a target of political hackers.

The 1.5 gigabyte compressed file contains the national identity number, date of birth and full address for 49.6 million Turks, according to the website, or around two thirds of the population.

The website said it included the ID information of President Tayyip Erdogan, Prime Minister Ahmet Davutoglu and former president Abdullah Gul and taunted the president.

“Who would have imagined that backward ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?” the website says. “Do something about Erdogan! He is destroying your country beyond recognition.”

An official at Ankara’s chief prosecutor’s office said on Wednesday it was investigating the breach, but declined to give further details.

The number of Turkish citizens affected was roughly the same size as the entire electorate, Justice Minister Bekir Bozdag told reporters.

“How and from where this was leaked needs to be looked into,” he said. “I believe the necessary investigations – both administrative and judicial – have been launched and whatever is necessary will be done.”


Tuncay Besikci, a computer forensics expert at auditing and consultancy firm PwC, confirmed to Reuters the file contained ID numbers and personally identifiable information of at least 46 million citizens.

Transport and Communication Minister Binali Yildirim said on Tuesday the breach appeared to date back to at least 2010. It is not clear when the file was first uploaded, although reports of it surfaced in local media this week.

He said the data was from electoral records that the state shares with political parties before elections.

However, Besikci, the computer expert, said he believed the data was taken from the government’s official Population Governance Central Database in or around 2009 and later illegally sold on to firms that dealt in asset foreclosures.

In December, Turkish Internet servers suffered one of the most intense cyberattacks seen in the country, raising fears Ankara may have been a target of political hackers.

The December hacking involved a flood of disruptive traffic, known as a DDoS (Distributed Denial of Service) attack, where computers target specific Internet sites, resulting in web speeds plummeting.

Under Erdogan, Turkey has a taken a tough stance on social media sites. Turkey has blocked access to sites such as Twitter, often due to images or other content being shared.

Last month an Ankara court ordered a ban on access to both Twitter and Facebook after images from a car bombing in the capital were shared.