Turknet confirms data breach affecting over 1.5M customers in Türkiye
Logo of Turknet, one of Türkiye's largest internet service providers confirmed as a target of cyberattack that claimed over 1.5 million users, accessed on March 13, 2025. (Photo via Space Watch Africa)
One of Türkiye’s largest internet service providers, Turknet, has confirmed it was the victim of a cyberattack that compromised the personal data of millions of customers, according to a company statement released Thursday.
The attack, which was first detected on March 11, exposed sensitive information of customers, including full names, phone numbers, subscription numbers, national identification numbers, address details and static IP information.
A hacker using the pseudonym “hades_hgs” claims responsibility for the breach and has threatened to publish the database containing information on approximately 2.8 million customers unless the company pays a ransom of 3 Bitcoin within 24 hours.
“We are going to leak the database of Turknet if Turknet does not send us 3 BTC in 24 hours,” the hacker wrote on a dark web forum, according to screenshots reviewed by Türkiye Today, “The countdown is starting now.”
The hacker claims to have access to “the entire Turknet infrastructure” and boasted about potentially being able to “cut off the entire internet.” Screenshots shared by the hacker show what appears to be customer database information with personal details obscured.
Turknet, a telecommunications company that operates its own infrastructure, acknowledged the breach in an email to customers. The company emphasized that financial information and user passwords were not compromised in the attack.
“Despite the measures taken under the Personal Data Protection Law, a cyber attack was carried out on our database,” Turknet stated in its email to customers. “The necessary technical and administrative measures have been increased, and security has been ensured.”
The company added that no service interruptions occurred as a result of the breach and that it is working with relevant public institutions to identify those responsible and initiate necessary legal processes.
Turknet has indicated it will file reports with Türkiye’s Personal Data Protection Authority and the Information Technologies and Communication Authority regarding the breach.
The company assured customers they can continue to use the online transaction center and mobile application securely with their existing passwords, stating that “all additional measures have been meticulously implemented.”
Pattern of high-profile cyber attacks
This isn’t the first high-profile attack attributed to “hades_hgs.” In December 2024, the same hacker group claimed responsibility for a massive breach of Türkiye’s Highway Pass System (HGS), which handles electronic toll collections on highways and bridges throughout the country.
During that attack, the hackers allegedly gained access to personal and financial information of more than 5 million HGS users. The group demanded a ransom of 25,000 dollars, threatening to publish the stolen data on the dark web if their demands weren’t met. According to reports, the compromised information included not just personal details but also credit card information from millions of vehicle owners.
The December attack caused significant disruption, with users of the HGS system reportedly receiving threatening and profane notifications through the PTT (Turkish Post) system, which handles many HGS tag registrations. The hackers claimed they initially hadn’t planned to share the data publicly but changed their stance after allegedly being threatened by someone they referred to as a lawyer named “juadis.”
