Turkey: personal data of 50 million citizens leaked online, hackers claim

By Sarah Chappell with AP, Reuters • Updated: 06/04/2016

Turkey has launched an investigation into an alleged leak of the personal data of almost 50 million citizens. The information is said to have been hacked from a national database and posted online.

If confirmed, the leak would be one of the biggest personal data security breaches that the world has known.

Turkey launches investigation over data leak reports https://t.co/4R8xNZ1XKj pic.twitter.com/eDw7VIcLc9
— TRT World (@trtworld) April 6, 2016

How big?

A massive database purporting to contain the personal information of 49,611,709 Turkish citizens
That means potentially two thirds of Turkey’s population could have been affected
If confirmed, it would be one of the biggest public leaks of personal data ever seen

How bad?

The leak allegedly includes the following data:

Full names
Full addresses
National ID numbers
Parents’ full names
Dates of birth

Investigation launched into theft of Turkish citizenship databasehttps://t.co/cDelXx3JOQ pic.twitter.com/DCKv2San9x
— Turkish Minute (@TurkishMinuteTM) April 6, 2016

Who and why?

No details about the hackers behind the publication of the alleged leak have been confirmed.

The website that is hosting the allegedly leaked data has a web page entitled “Turkish Citizenship Database”.

The opening statement on the web page reads: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”

In a section entitled “Lessons to learn for Turkey,” the web page reads: “Do something about (Turkish President Recep Tayyip) Erdogan! He is destroying your country beyond recognition.”

The website purports to show Erdogan’s own personal data.

Can it be for real?

It appears that it might be, yes.

The Turkish authorities announced the launch of an investigation on Wednesday, but prior to that The Associated Press (AP) reported that it had been able to “partially verify” the leak.

AP reported that it had compared non-public Turkish ID numbers against names in the database, resulting in eight matches.

The site appears to be hosted by an Icelandic group that specialises in divulging leaks, using servers in Romania, AP reported.