Turkish government denies allegations of a massive data breach impacting 85 million citizens

The Turkish government has firmly rejected reports suggesting a significant data breach involving the personal information of 85 million citizens. The Directorate of Communications released an official statement labeling the claims as “completely unfounded” and stressed that no evidence supports the existence of a leak, nor has there been any request for assistance from Google, as earlier reports suggested.

 

According to the government, allegations that personal data were stolen are rooted in misinformation. The statement further clarified that a recent response by Minister of Transportation and Infrastructure Abdulkadir Uraloğlu, which was interpreted to confirm a breach, was taken out of context. The minister’s comments referred to isolated incidents where individual citizens’ address information was accessed by exploiting stolen passwords, leading the Ankara Chief Public Prosecutor’s Office to take legal action. However, the government stressed that these events do not indicate a system-wide compromise of citizen data.

 

The reports, which circulated widely, claimed that Uraloğlu admitted a cyberattack had targeted Türkiye’s healthcare system during the COVID-19 pandemic, resulting in the leak of personal data. According to these claims, the stolen information included Turkish ID numbers, addresses, and mobile phone numbers, allegedly organized into files on Google Drive. It was further reported that Türkiye’s Information and Communication Technologies Authority (BTK) worked with Google to remove these files as part of an emergency response. However, the government denied the validity of these allegations.

 

Opposition party members, particularly CHP’s shadow health minister Zelihe Aksaz Sahbaz, expressed concern, drawing attention to a previous data breach incident in 2016. Sahbaz referred to a case where the Social Security Institution (SSI) allegedly sold citizens’ health and personal information for 65,000 TL (approximately $1,900). She criticized the government’s current handling of data security, accusing officials of failing to prevent further breaches and inadequately protecting citizens’ personal information.

 

In contrast, Turkish authorities highlighted a recent success in cybersecurity efforts. The National Intelligence Organization (MIT), in collaboration with the gendarmerie and the National Cyber Incidents Response Center (USOM), dismantled an international cyber espionage network that had stolen personal data from individuals around the world and sold it to terrorist organizations.

 

Despite the government’s denial of a large-scale breach, the conflicting reports have intensified the debate over data privacy in Türkiye, raising concerns among citizens and prompting calls for greater transparency regarding the country’s cybersecurity measures.