News
Personal details of 50 million Turkish citizens leaked online - expert comments
April 2016 by Robert Capps, VP of Business Development at NuData Security
News broke overnight that hacktivists have leaked the personal details of 50 million Turkish citizens online, in a breach that was apparently politically motivated and aimed at Turkish President Recap Tayyip Erdo?an. The 6.6GB of information appears to contain the names, addresses and ID numbers of Turkish citizens, and if confirmed would be one of the largest ever public leaks of personal data.
If you are writing about this news today, I have included below expert comments from Robert Capps, VP of Business Development at NuData Security.
"Yes, it’s extremely likely that hacktivists have exposed over half of Turkey’s population to identity crimes, and not an April Fools prank as we had hoped. Those behind the data dump imply it was politically motivated against Turkey’s controversial president, with a link to a more than six and a half gigabyte torrent file containing a list of over 49 million citizens, including names, parents’ names, birth information, registration IDs, full addresses.
This newly reported breach comes hot on the heels of a plethora of other data breaches, including a much larger dump of data pilfered by hacktivists in February, from the Turkish national police database, and 18 months after a similar cyber-heist in South Korea. This is yet another stark reminder that personal data is always a desirable target for cyber criminals, and now hacktivists. No matter how diligent an organisation is in its’ efforts to protect personal data, the data is still getting out there.
Some 52% of security professionals surveyed in a new report from CyberEdge Group, say their organisation will likely fall victim to a successful cyber attack in the next 12 months. Security teams are finally waking up to the new reality when it comes to hacking, that it’s more of a question of ’when’, and not ’if’ they will be breached.
While it appears that Turkey’s controversial president, Recep Tayyip Erdo?an, was the instigation for this breach - the real collateral damage will be to the millions of Turkish citizens who have had their identity compromised. In most cases, the most common result of such a breach is fraudulent account creation or existing consumer account takeover, something we have seen borne out year after year among our clients. Of the last billion account creations we analysed, more than 50% were identified as illegitimate and/or fraudulent. With the level of information released in the recent Turkish breach, criminals have solid profiles on individuals that can be used to create new bank accounts, access existing accounts, or acquire false Government issued identification documents in order to perpetuate all manners of maleficence, including financial crimes and terrorism.
As the amount of stolen personal data continues to skyrocket, traditional authentication techniques such as static usernames and passwords, and other fact based authentication, will become far less effective. Having the correct credentials is simply one part of the equation, but in today’s world, being able to truly verify that it’s the correct human on the other side of the machine is the holy grail. By evaluating hard-to-replicate and impossible-to-steal user behavioral signals, this goal is clearly within our reach. By harnessing the power of continuous behavioral analytics and passive biometrics, we can authenticate users in a more secure and less intrusive manner, while providing a superior consumer experience with less friction.
Clearly, the data is out there in the hands of cyber criminals, with more data joining it every day. How we address the usefulness of this data, will greatly shape the quantity and scale of future data breaches, and related identity crimes to come.”
