In mid-February 2016, a hacker associated with the collective released a massive trove of data stolen from the Turkish General Directorate of Security (EGM).
The breach first gained international attention in early April 2016 when a 6.6-gigabyte uncompressed file (around 2 gigabytes compressed) was uploaded to a public website hosted via an Icelandic IP address. The Political Context
: A Twitter account known as @CthulhuSec shared links to the archive on file-sharing sites, describing it as "sensitive data" obtained through persistent access to government systems. 2. Massive Citizen Database Leak (April 2016)
| Data Type/Contents | Details & Findings | | :--- | :--- | | | The data was in MySQL format, requiring database knowledge to parse properly. A search tool was provided to help decode the information. | | Personal Information | The data was reported to contain the Turkish National Identifier (akin to a Social Security number) , names, addresses, parents' names, dates of birth, sex, and age. | | Notable Individuals | The personal data of high-profile figures was included, such as President Recep Tayyip Erdoğan, former President Abdullah Gül, and Prime Minister Ahmet Davutoğlu. | | The "MERNIS" Confusion | Much of the personal data was actually the 2009 national voter registry , not current police intel. Turkish officials later confirmed it was not a real-time police database but likely the MERNIS citizen registry data from the 2009 local elections. | | Data Age | Forensic analysis indicated the database files were from as far back as April 2009, with the accompanying software compiled in its latest form in 2013. | turkish police data dump 2016 free
However, this line of defense did not erase the core problem. For millions of Turkish citizens, it did not matter if the database was stolen in 2016 or a decade earlier. The leaked files contained a wealth of personal information, a "privacy nightmare" that could be used for identity theft, sophisticated fraud, and targeted phishing attacks for years to come.
In July 2016, a significant data breach occurred when a large dataset of Turkish police records was leaked online. The leaked data, which included information on millions of Turkish citizens, exposed the vast extent of state surveillance on the population. The incident raised essential questions about the balance between security concerns and individual freedoms in Turkey. This paper aims to explore the implications of the Turkish police data dump on the concepts of freedom and surveillance.
In mid-February 2016, a U.K.-based privacy activist and researcher operating under the pseudonym (Thomas White) published a 17.8 GB compressed archive . The file was hosted as a torrent and via Tor hidden services under the label "Turkish Police Data Dump". Hacktivists claimed the data was exfiltrated directly from the servers of the Turkish General Directorate of Security (EGM) . The hack was framed as a protest against state censorship and corruption. In mid-February 2016, a hacker associated with the
In early 2016, two major but distinct data dumps related to occurred, involving both police information and general citizenship records. These leaks were widely reported as being available for "free" public download via torrents and file-sharing sites. 1. The Turkish National Police (EGM) Leak (February 2016)
: The release of such data can have several implications. It can affect the integrity of ongoing investigations, put individuals at risk, and also raise questions about data security within law enforcement agencies.
The 2016 security disaster unfolded in two distinct waves, which initially caused confusion among cybersecurity researchers regarding the true origins of the files. Wave 1: The "Turkish Police Data Dump" (February 2016) | | Personal Information | The data was
Rather than a single incident, the 2016 timeline comprised two distinct milestones: an targeting the Turkish national police force in February, followed closely by the MERNIS public citizenship database leak in April, which compromised the personal records of roughly 50 million citizens . Chronology of the 2016 Exposures 1. The February 17.8 GB Police Database Spill
At the time, the data dumps were made available via torrents and links on hacker websites and social media, often presented as a "free" download.
The 2016 leak served as a catalyst for significant changes in Turkey’s approach to data privacy.