Turkish Cypriot Administration Data Breach Exposes Records of Over 364,000 Individuals on Dark Web
The personal and medical records of more than 364,000 individuals registered within the Turkish Republic of Northern Cyprus (KKTC) public health system have been compromised and surfaced on the dark web. This alarming breach, reported by cybersecurity experts, marks one of the most significant data leaks in the region’s history.
Context of the Breach
Cyprus has been politically divided since 1974, following a Turkish military intervention that occurred after a coup in Nicosia supported by Greece’s military junta. The KKTC, established in 1983, is recognized solely by Turkey. The recent breach affects data managed by the Turkish Cypriot administration’s health ministry, encompassing both local citizens and foreign nationals who have utilized healthcare services in northern Cyprus.
Cybersecurity specialists based in the Netherlands have confirmed the authenticity of the leaked files, which they describe as one of the largest data breaches in the area. The exposed information poses significant risks, including potential identity theft, fraud, blackmail, and stalking.
Scope of the Data Compromised
The leaked database reportedly contains records from individuals of 202 different nationalities, with approximately 340,000 records indicating that the breach extends beyond Turkish Cypriots to include numerous foreign nationals, including Turkish citizens who have accessed healthcare in the region.
In addition to the health records, hackers have claimed possession of a separate database containing information about individuals diagnosed with HIV/AIDS, although this assertion has not been independently verified. They also allege to have obtained entry and exit records for around 340,000 individuals who traveled to northern Cyprus.
Official Responses and Investigations
Transportation Minister Erhan Arıklı acknowledged the gravity of the situation, stating that the Information Technologies and Communications Authority is actively investigating the incident. He remarked, “This is an allegation. We are investigating it. Is it possible? Yes, it is.”
Arıklı noted that government institutions have previously been targets of cyberattacks and admitted that the administration lacks adequate technical personnel to respond effectively. He indicated that officials have sought cybersecurity assistance from Turkey and are in the process of establishing a new cyber defense unit.
Initially, officials reported no evidence of a breach; however, subsequent reports revealed screenshots from a dark web forum where hackers advertised the stolen data. In one post, the attackers identified themselves by pseudonyms and claimed responsibility for leaking the KKTC health database. They stated that the database includes around 340,000 records containing personal information such as names, identity numbers, birthplaces, addresses, and family details.
Calls for Accountability and Security Measures
The Chamber of Computer Engineers has called for an independent investigation, emphasizing that the incident should be treated as a matter of public safety and national security rather than merely an IT issue. The organization criticized the lack of a national cybersecurity strategy and monitoring centers, arguing that institutional weaknesses have left public systems vulnerable to cyber threats.
The Cyprus Turkish Medical Association has warned that if confirmed, this breach would represent the largest data leak in the territory’s history. The association’s chair, Özlem Gürkut, stated that public trust cannot be restored if citizens’ sensitive personal information remains unprotected. She urged the government to disclose when the breach was first detected, whether biometric data was compromised, and who would be held accountable.
The main opposition party, the Republican Turkish Party (CTP), has accused the government of failing to safeguard state systems. CTP leader Sıla Usar İncirli remarked that hackers have effectively operated within government networks undetected and questioned whether officials are aware of who controls citizens’ personal data. CTP lawmaker Ürün Solyalı emphasized that while cyberattacks are an unavoidable reality in the digital age, governments are responsible for establishing adequate defenses. He criticized the administration for not providing sufficient funding, staffing, or legal frameworks to institutions responsible for e-government services and personal data protection.
Timeline and Broader Implications
The leaked database first appeared on a dark web forum on January 8 and remained publicly accessible for several months before it garnered significant attention. Opposition politicians have raised concerns about why the public was not informed sooner, given that the data had been available online for nearly six months.
This breach raises critical questions regarding the security of the Turkish Cypriot administration’s digital infrastructure, which is backed by Turkey. The KKTC e-government portal is operated by the Prime Ministry’s Digital Transformation and Electronic Government Authority, with Turkey’s state-owned Türksat playing a central role in developing and integrating the system, including e-health services.
The situation also highlights ongoing criticisms that Turkey and its affiliated institutions have failed to adequately protect personal data. In September 2024, Turkey’s National Cyber Incident Response Center (USOM) reported that hackers had uploaded a database containing the personal details of over 108 million Turkish citizens, including deceased individuals, to Google Drive, exposing national ID numbers, addresses, phone numbers, and other sensitive records.
Public discontent regarding Turkey’s data security measures intensified following the release of a documentary by the İstanbul-based media outlet 140journos, which alleged that hackers exploited vulnerabilities in government health databases to access medical records and identity information of millions. The documentary claimed that some of the stolen data was later sold through underground online marketplaces.
For further details, visit the source: www.turkishminute.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
