Turkish minister confirms vast personal data breach of millions
Turkey’s Minister of Transport and Infrastructure Abdulkadir Uraloğlu confirmed that the identity information of millions of citizens and others registered in Turkish institutions was stolen "during the pandemic." The Information and Communication Technologies Authority (BTK) has recently requested assistance from Google in removing the files where this information was stored.
Duvar English
Transport and Infrastructure Minister Abdulkadir Uraloğlu has confirmed that the personal data of millions Turkish citizens were stolen and said, “It is true that some information was unfortunately obtained in a certain way during the pandemic process. Unfortunately, it could not be prevented in that process.”
On Sept. 9, it was revealed that the personal data of 108 million people registered in Turkish official institutions, including their name, surname, ID number, other numbers on the ID card, date of birth, place of birth; registered address, residence address, marital status, date of death, and mobile phone number, were stolen.
Minister Uraloğlu answered questions from journalists following the cabinet meeting and was asked whether "the identity information of 85 million citizens had been hacked," according to the reporting of the online news outlet T24.
"This was a leak from the health system during the pandemic period, as you may recall. Other than that, there isn't any. There is no data indicating that people’s current information was stolen. Unfortunately, it is true that some information was obtained in certain ways during the pandemic period. Unfortunately, it could not be prevented at that time,” he answered.
Main opposition Republican People’s Party (CHP) Deputy Chair Burhanettin Bulut reacted against the minister’s remarks and posted on X, "Our identity information is in who knows whose hands? This shamelessness and audacity have reached new heights! In any other country, no one would still be in office," he said.
Ulaştırma Bakanı Abdulkadir Uraloğlu, 85 milyon vatandaşın kimlik bilgilerinin çalındığını doğruladı.
— Burhanettin Bulut (@eczburhan) September 12, 2024
Kimlik bilgilerimiz kim bilir kimlerin elinde?
Utanmazlık, yüzsüzlük arşı aştı!
Başka bir ülkede olsa kimse koltuğunda oturamaz.
What happened?
Unidentified individuals have reportedly stolen the personal data of 108 million people registered with official institutions in Turkey. This breach included details of Turkish citizens both within the country and abroad, as well as refugees and other individuals whose data might have been registered with official institutions, according to FreeWeb Turkey.
The National Cyber Incident Response Center (USOM), upon discovering the data breach, contacted Google to request assistance as files containing data were uploaded drive folders.
In its letter, USOM stated, "We are legally obligated to protect citizens against all forms of cyber attacks, including phishing attacks, account breaches, and data leaks," and sought Google's help.
Operating under the Information and Communication Technologies Authority (BTK), USOM communicated to Google that some data deemed critically important had been successfully uploaded to their system. They provided the links to the relevant Drive files and requested their "immediate" removal with an "urgent" code.
The total size of the five files containing the data of persons registered with any official authority in Turkey, regardless of whether they are citizens of the Republic of Turkey or not, was 42.18 GB.
The stolen data included 108.57 million Turkish ID numbers, 82.32 million residential addresses, and 134.82 million mobile phone numbers.
Requesting Google's cooperation, USOM also asked for the user account IDs, IP addresses, and port numbers of the person or persons who uploaded the files to Drive.
In two separate letters to the company, dated July 19 and Sept. 3, USOM said, “Your prompt response on this matter is critical to protecting the integrity and security of affected users.”