“In April 2026, Turkish authorities dismantled an organized cybercrime network that illegally accessed and sold Turkish citizens' personal data obtained from government systems, operating through a dealership-based distribution model.”

Siber Suçlarla Mücadele Daire Başkanlığımızca Kahramanmaraş ve Şanlıurfa'da yaşanan elim hadiselere ilişkin ... (Note: No mention of dismantling a cybercrime network involving illegal access and sale of citizens' personal data from government systems in April 2026; focuses on other siber suç events.)

20.04.2024 - Operasyonlarda organize suç örgütünün yöneticilerinden Yonca Onat'ın da aralarında bulunduğu 34 şüpheli yakalandı. Batman Cumhuriyet Başsavcılığı, Jandarma ... (2024 operation on organized crime, not cybercrime or personal data in 2026.)

MİT'ten siber suç şebekesine operasyon: 12 gözaltı · Milli İstihbarat Teşkilatı koordinesinde, siber suç şebekesine 9 ilde eş ... 14 ilde "siber dolandırıcılık" operasyonunda 126 şüpheli yakalandı 14.01.2026. No reports of April 2026 operation dismantling network selling personal data from government systems via dealership model.

Turkish authorities have carried out a coordinated operation against an organized cybercrime group that used the names of state services to deceive victims and steal credit-card data. As part of the operations carried out simultaneously in six provinces centered on Istanbul, authorities seized 318 websites used in phishing campaigns and arrested 10 suspects.

Türkiye’s National Intelligence Organization (MIT) has dismantled a cyber espionage network that sought to steal personal and financial data from citizens by imitating corporate identities through fake cell towers. After months of investigations and surveillance, seven foreign nationals were caught red-handed in a joint operation with Istanbul police and prosecutors.

Vodafone Net reported a data breach involving personal data offered for sale on the dark web, affecting up to 321504 individuals.

KVKK announced a data breach notification for Izelman due to a ransomware attack affecting over 10000 people.

Türkiye has detained 118 suspects in operations targeting cyber fraud across 17 provinces over the past two weeks. Investigators said the suspects were involved in illegal gambling, defrauding citizens using stolen personal data, illegally withdrawing money from bank accounts, posing as public officials, and running scams through fake social media ads.

A cybercrime network that breached Facebook’s database and accessed nearly 19.8 million personal records has been dismantled in Türkiye, with seven suspects detained... The probe found that the group copied usernames and passwords from multiple websites and gained unauthorized access to databases belonging to certain public institutions. These datasets were then used to build private query panels, with personal information sold for a fee.

Illegal online platforms operating on the dark web are selling personal information of millions of Turkish citizens for as little as $12. These “panel systems” function as underground marketplaces where hackers and criminal networks compile and sell data obtained from leaks or breaches. Cyber forensics expert called personal data “the new oil” of the criminal economy, with information belonging to nearly 130 million Turkish citizens leaked from hacked institutions, including public offices.

26 Mart 2026 sabahı İstanbul'da yedi kişi gözaltına alındı. Haberler kısa sürede yayıldı: “siyah şapkalılar hacker çetesi çökertildi”. This refers to the takedown of a hacker group called 'Siyah Şapkalılar' (Black Hats) involved in data breaches from state systems.

A documentary reveals serious security flaws in Turkey’s government databases, particularly in HSYS and e-Nabız, the national health data repositories. After gaining unauthorized access, these hackers allegedly created Libra, an underground data marketplace that utilizes artificial intelligence where stolen information was classified and eventually bought and sold. The documentary describes Telegram and Discord channels where criminals trafficked personal records, enabling identity theft, digital extortion and financial fraud.

Where the scheme involves the unlawful recording, obtaining or disclosure of personal data, the personal data offences apply, carrying one to three years’ imprisonment for unlawful recording (Art. 135) and two to four years’ imprisonment for unlawful acquisition or disclosure (Art. 136). Without prejudice to more serious offences, the Law penalises: making previously leaked personal data or institutional data within the scope of critical public services available, shared or offered for sale without consent (three to five years’ imprisonment).

01.01.2026 tarihinde yürürlüğe giren Karar ile, Kurum tarafından Kanun kapsamındaki yükümlülük ihlallerinin türüne göre 85.437 TL'den 17.092.242 TL'ye kadar idari para cezaları güncellenmiştir. No mention of specific cybercrime network dismantlement in April 2026.

A massive data breach has reportedly exposed information from 17.5 million Instagram users... Cybersecurity researchers traced the breach to unsecured third-party databases linked to Instagram’s ecosystem.

As of April 17, 2026, no major news outlets or official Turkish sources (e.g., MIT, KVKK, or Anadolu Agency) report a specific cybercrime network dismantling in April 2026 involving illegal access to and sale of Turkish citizens' personal data from government systems via a dealership model. Earlier March 2026 incidents involved Facebook/Instagram data and public institutions but not exclusively government systems or a dealership distribution.

A threat actor using the handle "buadamcokfena" posted on BreachForums on January 10, 2026 claiming to be selling comprehensive Turkish citizen data containing approximately 109 million records. The threat actor states this is official government data for the whole of Turkey, not from a third party. Data includes name, surname, national identity card number, physical address, apartment address.

In contemporary disputes, evidentiary debates are increasingly shaped by information stored in digital environments. Data such as emails, messaging records, and information contained in internal corporate databases may become the subject of judicial proceedings through various means, including seizure by public authorities, access to systems by third parties, or leaks originating from within an organisation.

Kişisel Verileri Koruma Kurumu (“Kurum“), 1 Ocak 2026 tarihinden itibaren geçerli olmak üzere KVKK'da öngörülen idari para cezalarının güncellenmiş tutarlarını internet sitesinde yayımladı. %25,49 oranında arttırıldı. Focuses on administrative fines update, no cybercrime operation details.

Kişisel Verileri Koruma Kurumu tarafından açıklanan 2026 yılı idari para cezaları, 2025 yılına kıyasla %25,49 oranında yeniden değerleme ... General update on KVKK fines for 2026, no specific mention of dismantling cybercrime networks or government data sales in April.

Kişisel Verileri Koruma Kurulu'nun 25.12.2025 tarihli ve 2025/2451 sayılı Kararı'na ilişkin Kamuoyu Duyurusu 20.01.2026 ... Lists updated fine amounts under KVKK for 2026, no information on specific cybercrime arrests or data sales from government in April 2026.

Each month, we'll cover 2026 data breaches, revealing the scale, data exposed, breach cause, and key lessons... Crunchbase confirmed a data breach in January after a hack. ShinyHunters, a cybercrime group, claimed responsibility.

Turkey's telecommunications authority has blocked dozens of articles on corruption as well as politically sensitive reporting. This indicates ongoing issues with data-related investigations but does not detail any specific April cybercrime network dismantlement.

Those illegally collecting personal data can be imprisoned for one to three years. This penalty rises if the data illegally collected is sensitive. Those who collect illegally publish or transfer personal data may be imprisoned for two to four years.

Persons who illegally collect personal data may be subject to imprisonment for a term of between one and three years. If the personal data is sensitive personal data, the offender may be subject to imprisonment for a term of between one and a half years to four and a half years. Persons who illegally transfer personal data or make personal data available to the public may be subject to imprisonment for a term of between two and four years.

The Decree also sets out the rules governing the transmission of decisions concerning action against illegal content and the provision of administrative fines for non-compliance.

Cybercrime Wire For Apr. 16, 2026. Data Leak Hits World's Biggest clothing firm. The data didn't contain client names, contact information, passwords, or information on payment methods.