A recent data breach has exposed the personal information of more than 2 million Turkish citizens, specifically their vaccination records from 2015 to 2023. This breach, which was brought to light by cybersecurity researchers at SafetyDetectives, raises serious concerns regarding privacy and security.
Unlike previous breaches, this incident occurred due to an information disclosure vulnerability rather than a direct hack. The researchers suspect that the breach took place on April 4, 2023, but the leaked data only appeared on a forum on September 10, 2023. The authenticity of the data has been verified by SafetyDetectives, confirming that it contains sensitive information such as birth dates, doctors’ full TCKNs (Turkish identification numbers), dates of vaccinations, types of vaccines received, hospitals involved, and other details about the vaccination process.
Frequently Asked Questions:
1. How did the data breach occur?
The breach occurred as a result of an information disclosure vulnerability, rather than a direct hack. This suggests that the threat actor was able to extract the data by exploiting a weakness in the system’s security.
2. What is the potential impact of this data breach?
The leaked vaccination records can be misused for various malicious purposes, including identity theft and tracking individuals. With access to this personal information, threat actors can potentially impersonate individuals or carry out targeted attacks.
3. What measures have been taken to address the breach?
Upon discovering the breach, SafetyDetectives immediately notified relevant authorities. It is essential for affected individuals to remain vigilant and monitor their accounts for any suspicious activity. Additionally, healthcare providers and the Ministry of Health must address the security vulnerability that led to this breach to prevent future incidents.
It is essential to note that this incident is not isolated. Other countries, such as India, have also encountered similar breaches of vaccination records. In September 2022, India faced a similar situation where the COVID antigen test results of 1.7 million individuals were leaked online.
In light of these events, it is crucial for organizations and authorities to prioritize the security of sensitive data. Strengthening security measures and promptly addressing vulnerabilities are essential steps in safeguarding individuals’ privacy and protecting against future breaches.