The Turkish Cypriot authorities are to investigate reports that the personal data of more than 350,000 people was leaked after a file belonging to the Turkish Cypriot ‘health ministry’ was reportedly leaked on the dark web, ‘public works minister’ Erhan Arikli said on Monday.

“There is an allegation. We are investigating it. Is there a possibility that it happened? Yes, there is. What is the extent of it? The telecommunications department is investigating it,” he told the Turkish Cypriot legislature.

He added that the Turkish Cypriot authorities are “subjected to attacks from time to time”, and that the north’s telecommunications department “largely prevents these things without publicising them too much”.

However, he said, the current setup of the telecommunications department is “really insufficient” to deal with cybersecurity threats, and for this reason, “we are trying now to create a separate cybersecurity unit”.

“We have requested support from Turkey and there will be developments in the coming days,” he said.

Opposition party CTP representative Sami Ozuslu then pointed out that reports had suggested that people’s personal data first appeared on the dark web “about six months ago”.

When did you become aware of this? What precautions did you take? What are the risks that will arise from the data falling into someone’s hands? Has this been analysed? Why was the public kept uninformed for six months? Whose hands is my personal data in?” he asked.

Arikli said that reports of a mass leak of personal data from the ‘health ministry’ remain “an allegation”.

The north’s ‘health ministry’s building

Newspaper Yeniduzen had reported that “highly sensitive data” belonging to 364,036 people, including names, surnames, identity card numbers, passport numbers, dates of birth, places of birth, addresses, parents’ names, telephone numbers, and vaccination records had all been leaked onto the dark web on January 8.

It quoted “cybersecurity experts” in the Netherlands who spoke on the condition of anonymity as having said that the file containing the data is “easily accessible on the dark web”, and that the data “can be used for many crimes, such as fraud, identity theft … blackmail, [and] stalking”.

This is not an ordinary data breach, but a high-level security crisis which could directly affect the lives of hundreds of thousands of people,” it quoted the experts as having said.