Yesterday’s report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or “hacktivist”) apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the breach doesn’t appear to include financial information, it does include personal details sufficient for various forms of identity theft.
Based on preliminary information, the breach would seem to be nearly double the size of the 2015 U.S. Office of Personnel Management breach.
The private sector mostly continues to make progress in threat prevention, detection and mitigation. Adoption of technologies such as EMV, tokenization and the evolution of PCI-DSS are helpful. But governments often lack the expertise, resources, or accountability to protect sensitive data. Unfortunately, things don’t seem to be getting better.