Two recent data breaches exposed the personal information of more than 100 million people in Turkey and the Philippines.
Hackers released a 6.6 GB file containing almost 50 million Turkish citizens’ names, national identity numbers, addresses, birthdates and parents’ names (including those of Turkish president Recep Tayyip Erdogan), the Telegraph reports.
While the hackers published a statement attacking Erdogan, Wired reports that they appear to be American. “Lessons for the U.S.? We really shouldn’t elect Trump,” they stated. “That guy sounds like he knows even less about running a country than Erdogan does.”
The Hurriyet Daily News reports that Binali Yildirim, Turkey’s Minister of Transportation, Communication and Maritime Affairs, claimed the leak was the same as one previously discovered in 2010. “This issue is brought to the agenda from time to time,” he said. “It is now being served like a new story.”
Still, Lastline cybersecurity expert Craig Kensek told eSecurity Planet by email that Turkey’s national identity number system is used to enable access to a wide range of government services, including taxation, social security and healthcare.
“If this were to occur to a U.S. firm, part of the disaster control would include revamping the company’s security system, including potentially encrypting data,” Kensek said. “Credit watch services would be given to individuals for one or two years. And an executive would take the sword.”
In the Philippines, hackers calling themselves recently LulzSec Pilipinas published what they claimed is the entire database of the country’s Commission on Elections (COMELEC), listing basic information on all 55 million registered voters.
Although COMELEC spokesperson James Jimenez told the Philippine Daily Inquirer that the exposed database is already public and contains no sensitive information, Trend Micro reports that a significant amount of personally identifiable information (PII) was also exposed.
According to Trend Micro, the data dump includes 1.3 million overseas Filipino voters’ passport numbers and expiration dates in plain text, as well as 15.8 million fingerprint records.
“This breach, which is already being touted as the largest government breach in history and dwarfs last year’s catastrophic breach at the Office of Personnel Management, only reinforces what we’ve been talking about for a long time — data encryption is absolutely critical for safeguarding sensitive data like PII,” Accellion senior director of product management Bob Ertl told eSecurity Planet by email.
“Data breaches like these, whether they’re politically or financially motivated, are only increasing in frequency and magnitude,” Ertl added. “Any organization that takes a cavalier approach to securing its data is playing with fire. We hope this serves as a wake up call for government agencies and large organizations around the world.”
And TrapX Security executive vice president and general manager Carl Wright said by email that basic security measures are no longer enough for government agencies. “Best practices necessary to meet the cyber threat are evolving at a faster pace to meet and defeat these attackers,” he said. “Most important is to consider and implement strategies that assume that attackers will penetrate the institution’s perimeter and endpoint defenses.”
A recent eSecurity Planet article offered advice on securing sensitive data in a post-perimeter world.