05.09.2025 11:33
The BTK categorically denied claims that the passwords of all e-signature users across the country had been stolen. In the statement, it was said, "A criminal complaint has been filed and legal proceedings have been initiated against the sources that misled the public by spreading false claims of data leaks, causing concern among over 2.5 million e-signature users with unfounded news and posts."
```html
After it was revealed that fake university diplomas and driver's licenses were obtained for a fee using e-signatures, it was claimed that the passwords of all e-signature users across the country were stored and the data pool was hacked. The Information and Communication Technologies Authority (BTK) stated in a statement regarding the issue that the allegations are completely unfounded and that a criminal complaint has been filed regarding the news in question.
"THE ALLEGATIONS ARE COMPLETELY UNFOUNDED"
In the statement made by BTK, the following expressions were used: "The allegations that the electronic signature data pool has been hacked are completely unfounded and do not reflect the truth. It has become necessary to make this statement in order to accurately inform the public about the 'data leak' news that has been claimed to be related to e-signature services, which has appeared in some news sources.
All e-signatures used in Turkey are produced by 8 Electronic Certificate Service Providers (ESHS) authorized by our Institution.
Our Institution has the authority to audit the relevant ESHS and regulate the sector under the Electronic Signature Law No. 5070.
Each Qualified Electronic Certificate is stored in a USB e-signature device held only by the certificate owner, encrypted with cryptographic algorithms that meet international standards.
"NO DATA OF E-SIGNATURE OWNERS IS HELD BY BTK"
In the Electronic Signature (e-signature) system, no data of e-signature owners, including their PIN codes or any personal data, is held by the Information and Communication Technologies Authority (BTK). Electronic Certificate Service Providers (ESHS) only have access to the personal data provided by the certificate user during the application process. Therefore, the theft of certificate or PIN code information from any data pool or the occurrence of such a data leak is not possible.
Additionally, information related to all e-signatures in Turkey is not stored collectively in any data pool (including BTK or e-Government portal).
"LEGAL PROCESS INITIATED"
As is known, the dissemination of misleading and false information in the field of cybersecurity has the potential to create anxiety, fear, and panic in society. Furthermore, spreading perceptions that undermine the reliability of these services, which form the basis of Turkey's digital systems and are referred to as trust services, has destructive effects on society. Such actions constitute a crime under the Cybersecurity Law No. 7545. As clearly stated in Article 16, paragraph 5 of the law:
"Those who create false content regarding data leaks related to cybersecurity with the knowledge that there is no data leak in cyberspace, in order to create anxiety, fear, and panic among the public or to target institutions or individuals, or those who disseminate such content for this purpose shall be punished with imprisonment from two to five years."
In this context, a criminal complaint has been filed and a legal process has been initiated against sources that target e-signature users and mislead the public by spreading false claims of data leaks, causing anxiety among over 2.5 million e-signature users with unfounded news and shares."
```