Cyber Incident Victim: Turkcell
Date: Feb 2014
Location: Turkey
Summary
A hacktivist group breached a Turkish telecommunications company, leaking thousands of employee phone numbers in protest against controversial internet legislation. The attackers claimed the intrusion demonstrated systemic vulnerabilities, following similar compromises of other telecom firms where customer data and voicemail logs were exposed. The incident occurred amid broader operations targeting multiple organizations, with the group alleging unjust practices by the victim and warning of further actions against entities committing perceived injustices.
Description
In February 2014, the hacktivist group RedHack breached systems belonging to three major Turkish telecommunications providers: TTNET, Turkcell, and Vodafone. The group initially leaked data from Vodafone, exposing personal details of approximately 5,000 customers, including names, birth dates, phone numbers, and voicemail delivery records. RedHack claimed to possess half a million voicemail log records from Istanbul spanning two days, asserting this demonstrated Vodafone’s practice of logging voicemails. Concurrently, the hackers leaked phone numbers of thousands of Turkcell employees and indicated plans to release additional Turkcell data imminently. RedHack publicly framed these actions as proof that telecom systems were vulnerable despite corporate lobbying for internet control, explicitly warning that entities "committing injustices" would be targeted. The group had also leaked information on over 600 Turkish government officials prior to the telecom breaches, aligning with their broader pattern of activism against perceived authoritarian policies.

Turkcell had previously been compromised by RedHack in a related incident where the hackers leaked phone numbers belonging to deputies and government ministries. This earlier breach was a direct protest against controversial internet legislation in Turkey, prompting Turkcell to change the compromised numbers in response. The 2014 breach further exposed systemic vulnerabilities, as RedHack emphasized Turkcell’s inability to secure sensitive employee data despite prior security incidents. The cumulative impact included reputational damage to Turkcell, public scrutiny of telecom data retention practices, and operational disruptions from forced number changes. RedHack’s selective redaction of last names and phone numbers in some leaks reflected a stated intent to "protect the public" while still pressuring corporations and government entities over surveillance and censorship concerns.
