It is widely regarded by security experts and researchers as one of the most significant identity leaks in the country's history. Context and Security Review Source of the Leak
This leak was not just a random dump of some outdated database. Analysis showed that it contained information on citizens who had the right to vote in the and included birth dates up until March 1991. This indicated that the data was a copy of the voter registry from around 2009-2010, illegally exfiltrated years before it was ultimately leaked in 2016.
Once the mernis.tar.gz file became public, it was mirrored across the dark web and clear web. Threat actors used the database to:
The file mernis.tar.gz was a standard Gzip compressed tar archive. When unpacked, it typically revealed raw data files, often in CSV (Comma Separated Values) or SQL format. mernis.tar.gz
Contrary to popular belief, the breach was not necessarily the result of a sophisticated, direct cyberattack on the heavily fortified core servers of the Ministry of Interior. Instead, the vulnerability lay in decentralized access points.
In the world of system administration, penetration testing, and even digital forensics, encountering unusual filenames with double extensions is a common occurrence. One such filename that has been popping up in server logs, user forums, and cybersecurity discussions is .
: In early 2016, the data became widely available via peer-to-peer (P2P) file-sharing services in a file roughly 1.5 GB to 6.6 GB in size (depending on compression). It is widely regarded by security experts and
Change passwords regularly for important online accounts.
In essence, MERNIS is a critical piece of Turkey's national digital infrastructure, holding the most sensitive and comprehensive personal data of its citizens.
sha256sum mernis.tar.gz
While the leak became a major news event in 2016, experts noted that the data appeared to be from around 2008–2009 Google Groups
Do not click on suspicious links or provide personal information, even if the caller or sender already seems to know your details.
It is crucial to remember these key points: This indicated that the data was a copy
The leaked data includes specific Personal Identifiable Information (PII) for nearly two-thirds of the Turkish population: National Identifier Number (TC Kimlik No). (First and Last). Parents' Names (Mother's and Father's first names). Date and City of Birth Full Address (including registration city and district). Context and Significance Turkish authorities 'probing huge ID data leak' - BBC News