Scandal as Northern Cyprus hit by hackers: Health records of 364,036 individuals exposed
A massive cybersecurity breach targeting the Turkish Republic of Northern Cyprus (TRNC) Ministry of Health has exposed the personal and medical-related data of 364,036 individuals, in what experts are describing as one of the most serious data security scandals in the country’s history.
The leaked information was reportedly published on January 8, 2026, on a hacker forum on the Dark Web. According to findings, the compromised database contains highly sensitive personal information of individuals who have interacted with the state healthcare system in any capacity.
The leaked records reportedly include names, surnames, nationality, ID numbers, passport numbers, foreign identification numbers, gender, dates and places of birth, residential addresses in Northern Cyprus and abroad, parents’ names, phone numbers, AdaPass vaccination codes, and school information.
Experts Confirm Authenticity of Leak
Cybersecurity experts based in the Netherlands, who requested anonymity, confirmed to investigators following technical analysis that the data leak appears to be authentic.
Experts warn that the exposed data creates severe risks, including identity theft, financial fraud, SIM card fraud, targeted phone scams, blackmail, stalking, and sophisticated social engineering attacks targeting both individuals and their family members.
“This is not an ordinary data leak,” experts noted. “This represents a large-scale security crisis capable of directly affecting the lives of hundreds of thousands of people.”
The experts further stressed that because the data is now circulating on the Dark Web, the breach cannot be treated as a minor or isolated technical incident.
Hackers Claim to Hold HIV/AIDS Patient Records
Adding to concerns, the attackers claim they also possess a separate database containing records of individuals diagnosed with HIV/AIDS within Ministry of Health systems.
Although the alleged list has not been publicly released, experts say the mere existence of such claims significantly escalates the severity of the breach, given the highly sensitive nature of medical records.
Data Public for More Than Five Months
One of the most alarming aspects of the breach is that the data has reportedly been publicly accessible for approximately five and a half months.
Since January 8, highly sensitive records of hundreds of thousands of individuals may have remained accessible to malicious actors. According to available forum statistics, the dataset has been downloaded at least 79 times—a figure that only reflects visible download counts on the platform.
Security analysts note that once leaked data is downloaded, copied, and redistributed, it becomes nearly impossible to fully contain or remove from circulation.
Even if the original source is removed, copies may continue to exist across multiple servers, private networks, and underground forums for years.
Children Among Those Affected
The breach is particularly alarming because it appears to affect not only adults but also children.
The inclusion of school information, birth dates, parental names, addresses, and AdaPass vaccination codes suggests that minors and students are among those impacted.
Experts warn that the exposure of a child’s identity information, family details, home address, school records, and healthcare-linked data creates serious privacy and physical safety risks.
Demographic Data Also Exposed
Beyond individual privacy concerns, experts say the breach also exposes broader demographic insights about Northern Cyprus.
The dataset reflects records of over 364,000 individuals who have interacted with the public healthcare system, potentially allowing third parties to analyze population patterns, age distribution, school-age demographics, foreign resident populations, address density, and public service usage.
Forum discussions surrounding the leaked data reportedly indicate that individuals from 202 different nationalities appear in the health records database.
This raises further questions about the scale and scope of data stored within public systems.
Additional Claims Involving Border Entry-Exit Records
Hackers have also claimed to possess data related to approximately 340,000 border entry and exit records.
If confirmed, this would suggest the security issue extends beyond the Ministry of Health and could point to a broader state-level cybersecurity vulnerability involving immigration and border control systems.
Potential Legal and Financial Consequences
The breach may also have international legal implications, as the leaked dataset reportedly includes records belonging to citizens of European Union member states.
Under the European Union’s General Data Protection Regulation (GDPR), health data is classified as highly sensitive personal data and subject to strict protections.
Experts note that if a breach of this scale occurred within the EU, affected individuals could pursue compensation for material and non-material damages.
Even using a conservative estimate of €1,000 per person, total compensation exposure could exceed €364 million, highlighting the potentially enormous financial consequences of such a breach.
Comparable international incidents, including the 2020 Vastaamo psychotherapy center breach in Finland and the 2017 Swedish Transport Agency data scandal, demonstrate how large-scale data breaches can result not only in financial penalties but also significant political consequences.
Growing Questions Over Government Response
The breach has triggered serious questions regarding government oversight, transparency, and accountability.
Key concerns include when authorities became aware of the breach, whether officials identified the leak months ago, and why the public was not informed earlier if the compromise was known.
Cybersecurity experts argue that this incident should not be viewed merely as a technical failure but as a historic public security crisis involving institutional responsibility.
With the personal data of citizens, children, patients, and students now circulating on the Dark Web, experts say the focus must shift beyond identifying the perpetrators.
The pressing question now is how authorities plan to protect affected individuals and mitigate the long-term consequences of one of the most significant data security breaches in the country’s history.

No comments
Thanks for viewing. Your comments are appreciated.
Disclaimer: Comments on this blog are NOT posted by Olomo TIMES, Readers are SOLELY responsible for their comments.
Need to contact us for Eyewitness news, Gossips reports, Adverts?
Email us on; olomotimes@gmail.com