World

TRNC Probes Reported Health-Linked Data Leak Affecting 364,000 People

By Bosphorus News ·
TRNC Probes Reported Health-Linked Data Leak Affecting 364,000 People

By Bosphorus News Geopolitics Desk


Authorities in the Turkish Republic of Northern Cyprus (TRNC) are investigating reports that personal data linked to 364,036 people appeared on dark web forums, after a YENİDÜZEN investigation said records tied to the health system had been circulating online since January 8.

The disclosure has triggered a political fight in northern Cyprus, with opposition lawmakers asking when officials first learned of the alleged leak, what measures were taken and why the public was not informed earlier.

YENİDÜZEN reporter Tümay Tuğyan reported this week that attackers claiming to have targeted TRNC Health Ministry systems posted a database containing personal records of people who had used or come into contact with state health services. The paper said the file included names, surnames, nationalities, identity card numbers, passport numbers, foreign identity numbers, gender, dates and places of birth, addresses, parents' names, telephone numbers, Adapass vaccination codes and school information.

The reported dataset includes children and students, according to the newspaper. YENİDÜZEN also said records belonging to foreign nationals and European Union citizens were present, widening the potential exposure beyond Turkish Cypriot nationals.

Cybersecurity specialists based in the Netherlands examined the material for YENİDÜZEN and described the file as easily accessible on dark web hacker forums. They warned that the data could be used for fraud, identity theft, blackmail, stalking, targeted phone scams and social engineering through family-linked information.

Forum Claims

YENİDÜZEN later published what it described as evidence from the hacker forum, where attackers using the names @harakiri, @cell and @dejavu advertised the stolen material.

The forum post described the file as "North Cyprus Health Ministry Database" data and mocked the target, according to YENİDÜZEN's account. The attackers also claimed to hold a separate list of people with HIV/AIDS diagnoses registered in the health system, though they said they had not published it.

They further claimed to possess data on about 340,000 people who had entered and exited northern Cyprus. Those claims have not been independently verified, and Bosphorus News is not treating them as established fact.

The HIV/AIDS claim requires particular caution. Even if only asserted by attackers, the claim adds a sensitive health-data layer to the case and raises the risk of blackmail, discrimination and personal harm if any such dataset exists.

Official Response

TRNC health officials have not confirmed that core health systems were breached. Health Ministry Undersecretary Düriye Deren Oygar said the ministry's main health-information systems operate on infrastructure closed to external access and that laboratory results, hospital records and similar sensitive medical data were not found to have been compromised.

Oygar said technical checks found the problem was limited to a work permits software application used jointly by the Health Ministry, the Labour Ministry and the Immigration Department. She said teams identified the problem in early March after a tip-off and had since worked on vulnerability closure, penetration tests and firewall strengthening.

TRNC Public Works and Transport Minister Erhan Arıklı was more cautious when the issue reached parliament on June 22. He said the allegation was being investigated by the Information Technologies and Communications Authority (BTHK), and that a leak could not be ruled out before the technical review was completed.

"This is a claim. We are investigating it. Is there a possibility? There is. What is its scale? BTHK is investigating," Arıklı said, according to YENİDÜZEN.

Kıbrıs Postası reported that Arıklı told parliament the BTHK was conducting a detailed investigation and that the results would be shared with the public. He said the TRNC was working with Türkiye to build a centralized cyber-security structure and had requested technical support from Türkiye's Cyber Security Presidency.

Arıklı also said specialist teams from Türkiye were expected to support work on strengthening public-sector security infrastructure and training personnel. He said public institutions and banks in the TRNC had faced cyberattacks before, some of which had been blocked before reaching the public agenda.

Six-Month Silence

The January date has become a political issue. Republican Turkish Party (CTP) lawmaker Sami Özuslu pressed Arıklı in parliament over when officials became aware of the reported leak, what precautions were taken and whether the risks had been assessed.

"When did you become aware of this? What precautions did you take? What are the risks that will arise from the data falling into someone's hands? Has this been analysed? Why was the public kept uninformed for six months? Whose hands is my personal data in?" Özuslu asked, according to Cyprus Mail.

Arıklı did not give a direct answer on when officials first learned of the reported breach.

The Communal Democracy Party (TDP) called for the 364,036-person data leak claim to be investigated in full and said the public should be informed without gaps. The party said the issue could not be closed with a few statements if identity and contact information had been exposed.

Turkish Cypriot Medical Association President Özlem Gürkut said that if the allegations were confirmed, northern Cyprus would be facing one of the largest personal-data breach allegations in its history. She said public trust could not be rebuilt in an environment where citizens' most private information cannot be protected.

The Computer Engineers Chamber also called for institutional action, saying cyber-security could no longer be left to individual information-technology departments. The chamber said the issue now touches public safety, economic security, personal-data protection and national security, and renewed calls for a national cyber-security strategy, regular audits of critical public systems and a national cyber-security center.

Digital State Capacity

The reported breach carries implications beyond one ministry. If the data has been accessible since January, officials may not be able to determine how many copies exist, how many times the file has been downloaded or whether it has moved to other platforms.

The presence of foreign nationals and reported EU citizen records also adds an external layer. The TRNC's international status complicates formal regulatory channels, but exposure of EU citizens' data could draw scrutiny from data-protection bodies and governments whose nationals appear in the dataset.

The episode also lands while the Turkish Cypriot legislature is debating a Digital Transformation and e-Government law that would centralize public-sector data infrastructure, including through Türksat, Türkiye's state satellite and technology company. Opposition figures and professional chambers that had already raised data-sovereignty concerns now have a live cyber-security crisis to cite.

The case now links a reported health-linked data leak to delayed disclosure, weak public-sector cyber defences and a Türkiye-backed push to centralize cyber-security capacity in the TRNC.


Sources: YENİDÜZEN, Cyprus Mail, Kıbrıs Postası, BRTK, Kıbrıs Türk, Kıbrıs Gerçek, Turkish Cypriot Medical Association, Turkish Cypriot Computer Engineers Chamber, BirGün, Bosphorus News review and reporting.