17 Dec 2013
Russian hacking group RedHack has seized personal data from some 54 million Turkish citizens on the eve of Turkish local elections, according to Hurryiet Daily News.
ID numbers, addresses and names were stolen from political parties’ databases which apparently use no antivirus protection to secure voters’ data. Data theft on that scale would give the hackers data on almost three quarters of Turkey’s population of 74 million.
“In two hours hackers downloaded all the information,” says research company Konda.
The attack comes after a State Audit Board (DDK) report revealed that “Turkey’s government institutions share people’s personal data online with other public and private bodies without ensuring the protection of data.”
Despite existing regulations, the report points out the lack of a legal framework to protect personal data. The report also reveals that government institutions, including Turkey’s Supreme Election Committee, don’t own their IT systems, which means contractors can freely access citizens’ personal information.
It also appears government employees ignore basic security measures and use CDs, DVDs and USB devices to share private information outside internal networks.
The study was made public at a time when Turkey engages in a heated debate about the government’s surveillance power over Turkish citizens.