Turkish Identity Breach May Affect 50 Million
A breach of the Turkish national database has confirmed that it contains personal information of around 50 million people.
Although the leak has been claimed to contain data from 2008, and it contains no new records beyond that year, it has also been claimed that the data was leaked and decrypted by researcher Cthulhu back in February.
According to Business Insider, the data included: the National Identifier (TC Kimlik No); first name and last name; mother’s and father’s first name; gender; date and city of birth; and full address.
The Turkish national ID number system is used to enable access to a number of government services, like taxation, voting, education, social security, health care, and military recruitment, reported The Guardian.
At the time of writing, the validity of the data has not been confirmed, but it could go down as one of the largest data breaches in history for some time, said Alex Cruz Farmer, VP of cloud at NSFOCUS IB.
“Governments are often the most targeted for cyber-attacks and, as we have learned, it only takes one single field on a website to compromise an entire infrastructure. We remind all communities to be vigilant and alert at all times, and maintain security policies and technologies. Security must stop being an afterthought, and be the first thing any CIOs consider.”
Robert Capps, VP of business development at NuData Security, said: “Those behind the data dump imply it was politically motivated against Turkey’s controversial president."
“While it appears that Turkey’s controversial president Recep Tayyip Erdogan was the instigation for this breach, the real collateral damage will be to the millions of Turkish citizens who have had their identity compromised. In most cases, the most common result of such a breach is fraudulent account creation or existing consumer account takeover, something we have seen borne out year over year among our clients."
“With the level of information released in the recent Turkish breach, criminals have solid profiles on individuals that can be used to create new bank accounts, access existing accounts, or acquire false Government issued identification documents in order to perpetuate all manner of malfeasance, including financial crimes and terrorism.”
Source: Information Security Magazine