Nicosia, Cyprus. Turkish Cypriot authorities are investigating reports that personal data belonging to more than 350,000 people was leaked after a file linked to the Turkish Cypriot ‘health ministry’ was reportedly published on the dark web, ‘public works minister’ Erhan Arikli said on Monday. He told the Turkish Cypriot legislature that the matter remains under investigation and described the reported breach as an allegation.
Investigation under way
“There is an allegation. We are investigating it. Is there a possibility that it happened? Yes, there is. What is the extent of it? The telecommunications department is investigating it,” Arikli said.
He said the Turkish Cypriot authorities are “subjected to attacks from time to time”, adding that the north’s telecommunications department “largely prevents these things without publicising them too much”.
Cybersecurity concerns
Arikli said the current setup of the telecommunications department is “really insufficient” to deal with cybersecurity threats and that efforts are under way to create a separate cybersecurity unit.
“We have requested support from Turkey and there will be developments in the coming days,” he said.
Opposition questions timing and public notification
Opposition party CTP representative Sami Ozuslu said reports had suggested that people’s personal data first appeared on the dark web “about six months ago”.
He asked when the authorities became aware of the matter, what precautions had been taken, what risks had been analysed, why the public had not been informed for six months, and whose hands the personal data may be in.
Arikli said reports of a mass leak of personal data from the ‘health ministry’ remain “an allegation”.
Reported contents of leaked file
Newspaper Yeniduzen reported that “highly sensitive data” belonging to 364,036 people was leaked onto the dark web on January 8.
According to the newspaper, the data included names, surnames, identity card numbers, passport numbers, dates of birth, places of birth, addresses, parents’ names, telephone numbers, and vaccination records.
Yeniduzen quoted anonymous “cybersecurity experts” in the Netherlands as saying that the file is “easily accessible on the dark web” and that the data “can be used for many crimes, such as fraud, identity theft … blackmail, [and] stalking”.
