A recent discovery by SafetyDetectives cybersecurity experts has unveiled the theft of vaccination records of over 2 million citizens in Turkey. The breach, which exposed personal information in the vaccination data from 2015 to 2023, is particularly alarming, as it affects a large portion of the population.
Although the leaked data first surfaced on a forum on September 10, 2023, investigators believe that the breach itself occurred on April 4, 2023. The breach appears to be the result of an information disclosure vulnerability and marks a large-scale privacy compromise, with extensive details, including birth dates, doctors’ identification numbers, vaccination dates, types, and locations, hospitals, dose numbers, and partial Turkish Identification Numbers (TCKNs), being revealed.
The Security Detectives Cybersecurity Team’s blog post noted that the leaked data contains partially redacted patient TCKNs, indicating that the information may have been scraped from an online platform or service used by Turkish healthcare providers or the Ministry of Health. Furthermore, there were over 125,000 unredacted TCKNs of doctors, which implies that the entire data breach has exposed the personally identifiable information (PII) of approximately 70% of the healthcare providers in the country. These findings raise concerns about the privacy and security of millions of Turkish citizens whose vaccination records have been compromised.
This incident is part of a larger trend of data breaches affecting national databases. In the same forum, details of over 49 million Turkish citizens were exposed. The previous leak, dating back to 2016, has resurfaced in various hacker forums and poses a significant threat as the personal data, including addresses, can be utilized for identity theft and tracking individuals for malicious purposes.
The Turkish breach also ties into a broader global trend. India, for instance, experienced a similar incident, where the COVID antigen test results of 1.7 million people were leaked online. Globally, large-scale data breaches have impacted citizens in Swedens, the United States, Ghana, and Indonesia, among other countries.
These breaches not only compromise the privacy and security of individuals but also pose a significant risk to national security and healthcare systems. Moreover, they have the potential to contribute to identity theft, tracking, and other malicious activities. The breach of 2 million Turkish citizens’ vaccination records and the subsequent exposure of their personal data underscores the urgent need for improved data protection measures.