Privacy-Related Consequences of Turkish Citizen Database Leak

TL;DR

This paper analyzes the Turkish citizen database leak, revealing significant privacy risks such as identity theft and personal data exposure, and emphasizes the need for stricter security measures to protect individual privacy.

Contribution

It provides a detailed analysis of the leak's privacy implications and demonstrates how automated processing can uncover sensitive personal information.

Findings

Identification of mother's maiden name for many individuals

Extraction of landline numbers from leaked data

Highlighting increased risks of identity theft and scams

Abstract

Personal data is collected and stored more than ever by the governments and companies in the digital age. Even though the data is only released after anonymization, deanonymization is possible by joining different datasets. This puts the privacy of individuals in jeopardy. Furthermore, data leaks can unveil personal identifiers of individuals when security is breached. Processing the leaked dataset can provide even more information than what is visible to naked eye. In this work, we report the results of our analyses on the recent "Turkish citizen database leak", which revealed the national identifier numbers of close to fifty million voters, along with personal information such as date of birth, birth place, and full address. We show that with automated processing of the data, one can uniquely identify (i) mother's maiden name of individuals and (ii) landline numbers, for a significant portion of people. This is a serious privacy and security threat because (i) identity theft risk is now higher, and (ii) scammers are able to access more information about individuals. The only and utmost goal of this work is to point out to the security risks and suggest stricter measures to related companies and agencies to protect the security and privacy of individuals.