Russian hackers stole 54 million Turkish citizens’ ID data: Claim

Russian hackers stole 54 million Turkish citizens’ ID data: Claim

Russian hackers stole 54 million Turkish citizens’ ID data: Claim

This photograph taken on November 1, 2013 shows a person claiming to speak for activist hacker group Anonymous is seen issuing a warning throught a video circulated online to "go to war" with the Singapore government over recent Internet licensing rules. AFP photo

Russian hackers have seized 54 Turkish million citizens’ ID data because Turkey’s political parties and the country’s Supreme Election Committee (YSK) share voters’ personal information, a prominent research company manager has said.

“I have heard about it. Hackers in Russia hold 54 million Turkish citizens’ ID numbers, addresses, father names,” the general manager of KONDA research company, Bekir Ağırdır, said last week in Ankara at a meeting to evaluate upcoming local elections in the country, according to a report on online news portal T24. 

Ağırdır also said some parties did not have an anti-virus system but uploaded all electors’ information online and “in two hours hackers downloaded all the information.”

Ağırdır said the Supreme Election Board provided every political party with this information in 2011. 
Recently the main opposition party Republican People’s Party (CHP) launched an “e-elector” initiative that enables citizens to check electoral rolls and detect deficiencies and mistakes through websites and mobile applications.

Ağırdır’s claims came right after a top state body working under the President’s Office recently asserted that Turkey failed to protect citizens’ personal information due to the indifference of public institutions and legal shortcomings, requiring a substantial increase in awareness and the provision of a legal framework targeted at making progress on the issue.

Some government institutions share people’s personal data online with other public and private bodies without ensuring the protection of data, said a State Audit Board (DDK) report, which was posted on the official website of the President’s Office on Dec. 13.

Before preparing its report on “the National and International Situation Assessment over the Protection of Personal Data,” the DDK conducted audits of the Justice and Health Ministries, the General Directorate of Population and Citizenship Affairs, the Social Security Board, the General Directorate of Land Registry and the Revenue Administration Directorate to inspect and assess the level of protection of personal data.

The report came at a time when the public is hotly debating the “profiling” of individuals by public bodies. Daily Taraf recently claimed that the Turkish government had profiled a number of groups based on religion and faith through the National Intelligence Organization (MİT), monitoring their activities until as recent as 2013. However, Prime Minister Recep Tayyip Erdoğan had categorically denied the claims.

Many government institutions are the not the actual proprietors of their information systems, with contractor companies having the authority to access people’s private information without any restrictions, the report said, suggesting that government institutions should have the right to ownership of such information systems instead.

There was a notable lack of awareness among government employees in regards to information security and protection of personal data, the report said, citing that some public employees share private data among themselves offline via CDs, DVDs and flash disks, even though they are aware of rules prohibiting the removal of data from internal networks.

Along with government institutions, private corporations including banking, security, telecommunications, tourism, health, education and transportation companies have the authority to access the public’s personal data easily, the report said, adding that there was no restriction against them possessing personal information.

Despite the existence of separate regulations for the protection of personal information, the reported suggested the passage of a law establishing a framework for the protection of personal data.

“Data sharing among and between public and private institutions is being conducted in the absence of relevant legal parameters,” the report said.