The Istanbul Metropolitan Municipality (IMM) suffered a massive data breach involving its *Istanbul Senin* municipal application, where personal data and location information of 4.7 million users were unlawfully transferred to two foreign countries. Additionally, 3.7 million users' data was listed for sale on the dark web. Investigations revealed further breaches, including the unauthorized processing and disclosure of ballot box data for 11 million citizens via a sub-application (*IMM Hanem*). The breach was linked to an alleged criminal enterprise involving 15 detained suspects, including administrators from six IMM-affiliated companies. The incident exposed systemic vulnerabilities, with data exploited for fraudulent activities, dark web sales, and potential political manipulation. The breach not only compromised user privacy but also eroded public trust in municipal digital services, with ongoing legal and reputational fallout.
TPRM report: https://www.rankiteo.com/company/istanbul-buyuksehir-belediyesi
"id": "ist1932619102425",
"linkid": "istanbul-buyuksehir-belediyesi",
"type": "Breach",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '4.7 million (Istanbul Senin app '
'users) + 11 million (ballot box '
'data)',
'industry': 'Public Administration',
'location': 'Istanbul, Turkey',
'name': 'Istanbul Metropolitan Municipality (IMM)',
'type': 'Government (Municipal)'},
{'location': 'Istanbul, Turkey',
'name': 'Six separate companies (subsidiaries of IMM)',
'type': 'Private (Subsidiaries)'}],
'attack_vector': ['Insider Threat',
'Unauthorized Data Transfer',
'Dark Web Data Sale'],
'data_breach': {'data_exfiltration': 'Yes (transferred to two different '
'countries, sold on dark web)',
'number_of_records_exposed': '4.7 million (Istanbul Senin '
'app) + 3.7 million (dark web '
'sale) + 11 million (ballot box '
'data)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal and location data, '
'ballot box data)',
'type_of_data_compromised': ['Personal data',
'Location information',
'Ballot box data']},
'date_publicly_disclosed': '2025-03-19',
'description': 'Fifteen suspects were detained in connection with the '
'unauthorized disclosure of personal data and location '
"information from 4.7 million users of the 'Istanbul Senin' "
'municipal application. The data was unlawfully transferred to '
"two different countries, and 3.7 million users' data was put "
'up for sale on the dark web. Additionally, ballot box data '
'from 11 million citizens was processed and disclosed outside '
"the system through a sub-application called 'IMM Hanem'. The "
'investigation is part of an organized crime probe linked to '
'former Mayor Ekrem Imamoglu.',
'impact': {'brand_reputation_impact': 'High (municipal government and '
'associated entities)',
'data_compromised': ['Personal data',
'Location information',
'Ballot box data'],
'identity_theft_risk': "High (4.7 million users' personal data "
'exposed)',
'legal_liabilities': ['Charges for unlawfully obtaining personal '
'data',
'Violations of the Tax Procedure Law',
'Membership in a criminal enterprise'],
'systems_affected': ['Istanbul Senin municipal application',
'IMM Hanem sub-application']},
'initial_access_broker': {'data_sold_on_dark_web': "Yes (3.7 million users' "
'data)',
'entry_point': ['Administrator access (13 suspects)',
'Fraudulent invoices (2 suspects)'],
'high_value_targets': ['Personal data',
'Location information',
'Ballot box data']},
'investigation_status': "Ongoing (led by Istanbul Chief Public Prosecutor's "
'Office Organized Crime Investigation Bureau)',
'motivation': ['Financial Gain',
'Political Motivation (alleged)',
'Organized Crime'],
'post_incident_analysis': {'root_causes': ['Insider threat (administrator '
'misuse)',
'Alleged organized crime '
'involvement',
'Fraudulent financial practices']},
'references': [{'date_accessed': '2025-03-19', 'source': 'AFP'},
{'source': 'Webrazzi'},
{'date_accessed': '2025-03-19',
'source': "Istanbul Chief Public Prosecutor's Office "
'Organized Crime Investigation Bureau'},
{'date_accessed': '2025-03-19',
'source': 'Interior Minister Ali Yerlikaya (Statement)'}],
'regulatory_compliance': {'legal_actions': ['Detention of 15 suspects',
'Charges filed for unlawful data '
'access, tax violations, and '
'criminal enterprise membership'],
'regulations_violated': ['Turkish Personal Data '
'Protection Law (KVKK)',
'Tax Procedure Law']},
'response': {'containment_measures': ['Detention of 15 suspects',
'Ongoing investigation'],
'incident_response_plan_activated': 'Yes (led by Istanbul Chief '
"Public Prosecutor's Office "
'Organized Crime '
'Investigation Bureau)',
'law_enforcement_notified': 'Yes (Istanbul Chief Public '
"Prosecutor's Office, General "
'Directorate of Police Cyber Crimes '
'Department, MASAK)'},
'threat_actor': ['Alleged criminal enterprise linked to former Mayor Ekrem '
'Imamoglu',
'15 detained suspects (13 administrators, 2 involved in '
'fraudulent invoices)'],
'title': "Unauthorized Disclosure of Personal Data from 'Istanbul Senin' "
'Municipal Application',
'type': ['Data Breach',
'Unauthorized Data Disclosure',
'Dark Web Data Sale',
'Organized Cybercrime']}