Cyber Incident Victim: TurkNet
Date:
Mar 2025
Location:
Turkey
Summary
TurkNet disclosed that a cyberattack targeted its database, resulting in the exposure of certain customers’ personal data including names, surnames, phone numbers, subscription numbers, Turkish identity numbers, address details and static IP information while emphasizing that financial records and user passwords remained secure and end‑to‑end encrypted. The provider stated that no service interruption occurred and that it had heightened technical and administrative safeguards, notified the Personal Data Protection Authority and the Information and Communication Technologies Authority, and is coordinating with law‑enforcement agencies to identify the perpetrators and initiate legal proceedings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 11, 2025, TurkNet, a Turkish internet service provider, disclosed that its database had been subjected to a cyber attack. The company stated that the attack targeted its customer data storage and resulted in the unauthorized access of certain personal information. According to the announcement, the compromised data included customers' names, surnames, phone numbers, subscription numbers, Turkish identity numbers, subscription details, addresses, and static IP information. TurkNet emphasized that the breach was detected and confirmed as a database‑oriented incident.
The provider clarified that financial data and user passwords were not accessed during the attack and that these items remain protected by end‑to‑end encryption. TurkNet said that, despite the breach, its technical and administrative security levels were raised and that no service interruption or operational problem was experienced after the incident. The company noted that it had taken immediate steps to contain the situation and to secure the affected systems. It also confirmed that the breach was reported to the Personal Data Protection Authority (KVKK) and the Information and Communication Technologies Authority (ICTA).
Following the notification to the authorities, TurkNet indicated that all additional precautionary measures had been implemented and that customers could continue to use their existing passwords safely when accessing the Online Transaction Center and mobile application. The company pledged to keep affected individuals informed about any further developments related to the investigation and legal processes. TurkNet concluded its statement by saying that efforts to identify the perpetrators and to initiate necessary legal proceedings were being carried out in coordination with the relevant government agencies.