Turkey has established a state cybersecurity directorate to protect sensitive information and improve its digital security infrastructure amid widespread concern over personal data breaches affecting millions in the country, Deutsche Welle’s Turkish edition reported on Wednesday .
Turkish President Recep Tayyip Erdoğan established the Ankara-based Cybersecurity Directorate by a decree published in the Official Gazette. The newly established authority aims to develop and implement national cybersecurity policies and strengthen the protection of state and public digital services. Observers say the institution was established as part of efforts to address massive data breaches that have plagued the country in recent years.
The directorate will employ 135 people, including 30 engineers, technicians and technologists, and will operate under the direct supervision of the president’s administration. It also has the authority to open international offices. Key responsibilities will include developing data theft prevention strategies, raising public awareness, conducting professional training and planning for cyber crises and emergencies.
The establishment of the directorate follows a series of high-profile data breaches that exposed the personal data of millions of Turkish citizens, leading to public outrage.
In September 2024 the National Cyber Incident Response Center (USOM) reportedly found out that hackers had uploaded sensitive data — including the names, ID numbers, home addresses and phone numbers of over 108 million Turkish citizens — to Google Drive. The stolen information was reportedly taken from official government databases.
Özgür Karabat, a member of parliament from the main opposition Republican People’s Party (CHP), recently revealed that the personal data of Turks containing full addresses and identification numbers was being sold online for as little as $5.
Health data was also compromised in previous leaks during the COVID-19 pandemic, with hackers exploiting vulnerabilities in health ministry systems. Investigative reports by journalists such as İbrahim Haskoloğlu and Cevheri Güven have pointed to other systemic vulnerabilities, including the use of pirated software in government facilities that was used by criminal networks to access real-time data.
The government is facing increasing criticism for its inability to prevent data theft. While authorities have acknowledged some breaches in the past, including those during the pandemic, they have denied allegations of more recent incidents.
The viral video of Karabat exposing the online sale of citizens’ data has heightened these concerns. Experts warn of widespread identity theft and other cybercrimes. Haskoloğlu, who reported on a breach of sensitive data from government websites in 2022, was arrested and prosecuted.