Turkish Transport and Infrastructure Minister Abdulkadir Uraloğlu has denied allegations of a massive new data breach affecting millions of Turkish citizens while acknowledging an earlier leak that occurred during the COVID-19 pandemic.
Speaking to reporters after a cabinet meeting at the presidential palace, Uraloğlu was asked if hackers had accessed the personal information of 85 million citizens. He responded by recalling a previous incident in which health data was compromised but dismissed claims of any new breach.
“This is from the pandemic period, as you may remember, a leak from the health system. Other than that, there is no indication that people’s current data has been stolen,” Uraloğlu said. “It is true that some information was unfortunately obtained during that period, and it could not be prevented.”
Uraloğlu’s comments come after the Free Web Turkey platform revealed a significant breach that reportedly exposed the personal data of all Turkish citizens, including names, ID numbers, addresses and phone numbers. The National Cyber Incident Response Center (USOM) discovered that the stolen data had been uploaded to Google Drive by hackers.
USOM, which operates under the Information and Communication Technologies Authority (BTK), requested Google’s help in removing the files and identifying the hackers responsible. The BTK expressed concern over the potential for identity theft and other cyberattacks resulting from the breach.
While Uraloğlu denied the latest claims of data theft, he acknowledged the data breach in the health ministry.
In March investigative journalist Cevheri Güven revealed that organized crime groups had exploited vulnerabilities in Turkey’s government databases, gaining access to the personal information of Turkish citizens. Güven reported that the Ministry of Health’s public health management system had been compromised during the COVID-19 pandemic through malware hidden in unlicensed software, allowing hackers to infiltrate the system. Uraloğlu’s recent acknowledgment of a data leak during the pandemic confirms this account, as he admitted that some personal information was indeed obtained at the time, although the breach could not be prevented.
Güven also criticized the Turkish government for failing to address the root causes of the breach, pointing to the widespread use of pirated software in government institutions as a major vulnerability. His investigation highlighted the ongoing risks of criminal networks accessing sensitive data in real time, an issue that remains a significant concern for cybersecurity experts.