A hacker going by the online alias ROR[RG] has released a large amount of data that belonged to a Turkish National Police database and is thought to contain large amounts of sensitive private information. ROR[RG] is aligned with the Anonymous hacktivist group and has leaked the data that was supposedly stolen from Turkish General Directorate of Security (EGM) onto a number of peer-to-peer sites for anyone to download and examine.
The data was released through The Cthulu website, which has been a host of a number of leaks by members of Anonymous in the past, including a serious hack against a US Police union last month. A statement released with the data explains that the data was taken from the EGM and that “the source has had persistent access to various parts of the Turkish Government infrastructure for the past 2 years.” It went on to explain that “in light of various government abuses in the past few months, has decided to take action against corruption by releasing this.”
Based on examination of the files in the leak, they appear to originate from a MySQL database, which Reddit confirms. A number of users on the world news subreddit (including some Turkish posters) loaded up the leaked database, finding that it was from the MERNIS system and contained a directory of an enormous amount of Turkish citizens, including ID numbers and full addresses. Exactly how much of the Turkish population this data covers is currently unknown, but this looks to be a disastrous breach for the Turkish government.
It is worrying for the information security of the Turkish government that such a leak was allowed to take place. Not just this, but the fact that the hacker had supposedly had continuous access to government systems for at least two years prior to the leak. The potential consequences of this leak are huge too, as it provides a treasure trove of personal data for criminals to use. Hopefully, the Turkish government will have an answer for this leak, however, it may be too-little-too-late for those whose personal data is already in the public domain.