A senior Turkish opposition lawmaker has revealed in a viral video that the personal data of millions of Turkish citizens, including addresses and identification numbers, can be purchased online for as little as $5.
Özgür Karabat, deputy chairman of the Republican People’s Party (CHP), detailed the sale of personal data packages priced at 200, 500 and 1,200 Turkish lira ($5, $14 and $34), which reportedly allow buyers to access sensitive details, including full addresses. In his social media posts, Karabat criticized the government for its failure to protect citizens’ data and called on the Ministry of Interior to respond.
200 TL'ye tüm kimlik bilgileriniz satılık!
Vatandaşının gizli bilgilerini koruyamayanlar normal bir ülkede istifa edip bağımsız yargıya hesap verir!
Tüm bilgilerimizin satın alınabildiğini gösteren bu görüntüler karşısında içişleri Bakanlığından bir açıklama bekliyoruz.… pic.twitter.com/weN6Xr5eFT
— Özgür KARABAT (@OzgurKarabatCHP) November 24, 2024
“This is a breach of privacy on an unimaginable scale,” Karabat said in the video. “In any other country, those responsible would resign and be held accountable by independent courts.”
Turkey’s data breach crisis
The revelation has reignited debates over Turkey’s data security vulnerabilities. Over the past few years, several major data breaches have exposed millions of citizens’ personal information, sparking political controversy and public outcry.
In September 2024 Transport and Infrastructure Minister Abdulkadir Uraloğlu denied allegations of a new breach but confirmed an earlier leak during the COVID-19 pandemic, where health data was compromised. According to Uraloğlu, hackers exploited the Ministry of Health’s systems during the pandemic, and the breach went unresolved.
The National Cyber Incident Response Center (USOM) recently discovered that some of the stolen data had been uploaded to Google Drive by hackers, prompting requests for Google to remove the files. Cybersecurity experts warned that the breach could lead to widespread identity theft and other crimes.
This is not the first time Turkey has faced allegations of failing to secure citizens’ data. In 2022 investigative journalist İbrahim Haskoloğlu reported that hackers had stolen personal information from government websites, including sensitive details about high-profile figures such as President Recep Tayyip Erdoğan. Haskoloğlu was briefly detained for sharing the information but criticized prosecutors for failing to investigate the individuals responsible for the breach.
In March 2024 journalist Cevheri Güven reported that organized crime groups had exploited vulnerabilities in government databases, gaining real-time access to sensitive data. Güven also highlighted the use of pirated software in government institutions as a significant security flaw.
Karabat’s exposé has drawn attention to ongoing inadequacies in Turkey’s cybersecurity infrastructure. The CHP deputy demanded an explanation from Interior Minister Ali Yerlikaya and urged the government to implement stronger data protection measures.
Karabat’s video has gone viral on social media, prompting citizens to express anger over the state’s inability to safeguard their personal information.
While the government has acknowledged past incidents, officials have largely denied recent allegations, leaving questions about the extent of the problem unanswered.