The Central Civil Registration System (MERNİS) is Turkey's centralized database for identity, civil status, and residential address information. Managed by the Ministry of Interior, it serves as the backbone of Turkey's e-government infrastructure, assigning a unique 11-digit Turkish Republic Identity Number (TC Kimlik No) to every citizen. The 2016 Data Leak

Do not open or extract this file on an internet-connected device unless you are certain of its legal source and your authorization. If obtained from an untrusted source, it could also contain malware.

We are releasing mernis.tar.gz – a packaged version of the MERNIS web service client for Turkish Republic ID (TC Kimlik No) verification. This package includes SOAP client stubs, sample configuration files, and helper classes for integrating with the official MERNIS (Merkezi Nüfus İdaresi Sistemi) service.

Use the file command to see if it’s truly a tarball or a renamed binary:

Over the decade following the leak, the raw data from mernis.tar.gz was merged with subsequent leaks from e-commerce sites, hospital booking systems, and cargo companies. This gave rise to underground "identity check panels" accessible via Discord bots or Telegram channels. Today, malicious actors can look up almost any Turkish citizen's live location, phone number, and family tree for pennies, a direct evolution of the original 2016 leak. Global Cybersecurity Lessons from MERNIS

: Examining the timing of the leak (around 2016) and how such incidents are used as leverage in international relations or political activism. Key Technical Concepts

Originally surfacing in April 2016, the file contains personal identification records for approximately 49,611,709 Turkish citizens Technical Details File Format : A compressed Tarball ( Compressed : ~1.4 GB to 1.5 GB. Uncompressed : ~6.6 GB. Internal Data : The archive contains a MySQL database dump ( Content of the Database

import com.mernis.client.KPSPublic; // ... KPSPublic service = new KPSPublic(); boolean isValid = service.TCKimlikNoDogrula(tcNo, ad, soyad, dogumYili);

[Your Name/Team] Date: [Current Date]

: The government's initial denial, contradicted by later admissions, eroded public trust. A transparent and immediate response, along with proactive measures to protect citizen data, is crucial.

The prevailing consensus is that the data was not exfiltrated via a direct hack on the central MERNIS servers. Instead, the vulnerability lay in an authorized third-party endpoint.

Interestingly, while the government denied a breach of MERNIS, Justice Minister Bekir Bozdağ later confirmed the authenticity of the leak, stating that the personal information of 49 million citizens had indeed been compromised. This acknowledgment highlighted a severe contradiction within the official narrative. Later reports, including a prosecutor's referral letter from 2025, suggested that the MERNIS database and other integrated information systems had been infiltrated by cybercriminals who had obtained the passwords of authorized users, further indicating a deep and systemic security failure.

: The Gzip compression protocol, used to shrink the massive database into a transferable size (roughly 2 gigabytes compressed, expanding significantly when extracted). The Contained Data Fields

Sensitive identity fields like national ID numbers should be hashed, tokenized, or heavily encrypted at rest, preventing simple text queries even if the physical database file is stolen.

You may also like

ArticlesSocial marketing

How Brands Turn UGC Videos into Effective Ads (with Examples)

Mernis.tar.gz [best] -

The Central Civil Registration System (MERNİS) is Turkey's centralized database for identity, civil status, and residential address information. Managed by the Ministry of Interior, it serves as the backbone of Turkey's e-government infrastructure, assigning a unique 11-digit Turkish Republic Identity Number (TC Kimlik No) to every citizen. The 2016 Data Leak

Do not open or extract this file on an internet-connected device unless you are certain of its legal source and your authorization. If obtained from an untrusted source, it could also contain malware.

We are releasing mernis.tar.gz – a packaged version of the MERNIS web service client for Turkish Republic ID (TC Kimlik No) verification. This package includes SOAP client stubs, sample configuration files, and helper classes for integrating with the official MERNIS (Merkezi Nüfus İdaresi Sistemi) service.

Use the file command to see if it’s truly a tarball or a renamed binary: mernis.tar.gz

Over the decade following the leak, the raw data from mernis.tar.gz was merged with subsequent leaks from e-commerce sites, hospital booking systems, and cargo companies. This gave rise to underground "identity check panels" accessible via Discord bots or Telegram channels. Today, malicious actors can look up almost any Turkish citizen's live location, phone number, and family tree for pennies, a direct evolution of the original 2016 leak. Global Cybersecurity Lessons from MERNIS

: Examining the timing of the leak (around 2016) and how such incidents are used as leverage in international relations or political activism. Key Technical Concepts

Originally surfacing in April 2016, the file contains personal identification records for approximately 49,611,709 Turkish citizens Technical Details File Format : A compressed Tarball ( Compressed : ~1.4 GB to 1.5 GB. Uncompressed : ~6.6 GB. Internal Data : The archive contains a MySQL database dump ( Content of the Database The Central Civil Registration System (MERNİS) is Turkey's

import com.mernis.client.KPSPublic; // ... KPSPublic service = new KPSPublic(); boolean isValid = service.TCKimlikNoDogrula(tcNo, ad, soyad, dogumYili);

[Your Name/Team] Date: [Current Date]

: The government's initial denial, contradicted by later admissions, eroded public trust. A transparent and immediate response, along with proactive measures to protect citizen data, is crucial. If obtained from an untrusted source, it could

The prevailing consensus is that the data was not exfiltrated via a direct hack on the central MERNIS servers. Instead, the vulnerability lay in an authorized third-party endpoint.

Interestingly, while the government denied a breach of MERNIS, Justice Minister Bekir Bozdağ later confirmed the authenticity of the leak, stating that the personal information of 49 million citizens had indeed been compromised. This acknowledgment highlighted a severe contradiction within the official narrative. Later reports, including a prosecutor's referral letter from 2025, suggested that the MERNIS database and other integrated information systems had been infiltrated by cybercriminals who had obtained the passwords of authorized users, further indicating a deep and systemic security failure.

: The Gzip compression protocol, used to shrink the massive database into a transferable size (roughly 2 gigabytes compressed, expanding significantly when extracted). The Contained Data Fields

Sensitive identity fields like national ID numbers should be hashed, tokenized, or heavily encrypted at rest, preventing simple text queries even if the physical database file is stolen.

mernis.tar.gzLuz Dugarte
Articles

8 Best SendGrid Alternatives in 2026

SendGrid is a transactional email service provider for email marketing campaigns and transactional emails. It’s used by major enterprises like Uber, Spotify, and Airbnb. But SendGrid isn’t the only option available. And...

mernis.tar.gzRukham Khan