"mernis.tar.gz" is the filename of a widely circulated archive containing a massive leak of the Turkish Citizenship Database (MERNIS) First appearing on the public web around April 2016, the file gained global attention because it allegedly contained the personal records of approximately 49 to 50 million Turkish citizens Google Groups Key Details of the Leak The archive typically includes sensitive data such as National ID numbers (TC Kimlik No), full names, parents' names, gender, city of birth, birth dates, and full home addresses File Size: The compressed file is roughly 1.4 GB to 1.5 GB , which expands to approximately when extracted into its raw database format (often PostgreSQL) Google Groups Origin & Timing: While the leak became a major news event in 2016, experts noted that the data appeared to be from around 2008–2009 Google Groups . It was famously hosted on a site with a Romanian IP address and distributed via peer-to-peer torrent networks Google Groups Significance: It remains one of the largest state-level data breaches in history, posing long-term identity theft risks for the Turkish population since core identifiers like birth dates and ID numbers do not change. Security Warning: This file is frequently used as a "honeypot" or a carrier for . Security researchers advise against downloading or extracting it, as many versions found on public forums and torrent sites are bundled with viruses or backdoors designed to infect the user's system Google Groups of this breach or information on how to protect personal data? AI responses may include mistakes. Learn more
mernis.tar.gz (also referred to as mernis.sql.tar.gz ) is the primary archive associated with a massive data breach involving the (Merkezi Nüfus İdaresi Sistemi), Turkey's Central Civil Registration System. Originally surfacing in April 2016, the file contains personal identification records for approximately 49,611,709 Turkish citizens Technical Details File Format : A compressed Tarball ( Compressed : ~1.4 GB to 1.5 GB. Uncompressed : ~6.6 GB. Internal Data : The archive contains a MySQL database dump ( Content of the Database The leaked data includes specific Personal Identifiable Information (PII) for nearly two-thirds of the Turkish population: National Identifier Number (TC Kimlik No). (First and Last). Parents' Names (Mother's and Father's first names). Date and City of Birth Full Address (including registration city and district). Context and Significance Turkish authorities 'probing huge ID data leak' - BBC News
The leaked database was remarkably comprehensive, exposing critical personal identifiers including: National Identity Numbers (T.C. Kimlik No) Full names and parents' first names Dates of birth and birthplaces Full home addresses While the file became widely available in 2016, technical experts and Turkish officials suggested the data actually originated from electoral records around 2008 or 2009. The hackers who hosted the file on an Icelandic server accompanied it with a politically charged message criticizing the Turkish government's technical infrastructure and leadership. Political and Security Implications The breach was a major embarrassment for the Turkish government, especially as it included the personal details of high-ranking officials like President Recep Tayyip Erdoğan , Prime Minister Ahmet Davutoğlu , and former President Abdullah Gül .
The file mernis.tar.gz is a notorious compressed archive containing a leaked database of approximately 49.6 million Turkish citizens . Originally surfacing in April 2016, it is widely considered one of the largest data breaches in Turkey's history, exposing the personal information of nearly two-thirds of the country's population at the time. Database Overview The archive contains a massive trove of sensitive, unencrypted personal data. Total Records : ~49,611,709 unique Turkish citizens. File Size : Approximately 1.5 GB compressed (mernis.tar.gz) and 6.6 GB uncompressed . Data Structure : Primarily distributed as a MySQL database. Key Data Points Exposed : National Identifier (TC Kimlik No) Full First and Last Names Mother and Father’s First Names Gender, Date of Birth, and Place of Birth Detailed Residential Addresses Origins and Authenticity The Source : While the name "MERNIS" refers to Turkey’s Central Civil Registration System, government officials initially claimed the leak did not originate directly from MERNIS. Instead, it is believed to have come from a 2009/2010 electoral register shared with political parties. Verification : The Associated Press partially verified the data by matching 8 out of 10 non-public ID numbers against names in the database. High-Profile Targets : The leak explicitly highlighted the personal details of high-ranking officials, including President Recep Tayyip Erdoğan and Prime Minister Ahmet Davutoğlu , intended as a political taunt against the government's infrastructure security. Critical Risks and Impact mernis.tar.gz
Important notes if you obtained this file:
Sensitive Data: MERNIS contains personal information (Turkish ID numbers, names, addresses, family records). Possessing or distributing such data without authorization is illegal under Turkish Law No. 6698 (KVKK) and may constitute a criminal offense.
Purpose: If you are an authorized user (e.g., government agency, approved researcher, or system administrator), the report might include population statistics, audit logs, or registry extracts. "mernis
Security Warning: Do not open or extract this file on an internet-connected device unless you are certain of its legal source and your authorization. If obtained from an untrusted source, it could also contain malware.
If you believe you legitimately need to analyze this file:
Extract safely: tar -xzf mernis.tar.gz (Linux/Mac) or use 7-Zip (Windows) Check contents first: tar -tzf mernis.tar.gz | head -20 Look for README or metadata files to understand the report’s origin. Originally surfacing in April 2016, the file contains
If you are not the authorized recipient: Do not open, share, or copy the file. Report the incident to your IT security team or the relevant data protection authority. Would you like guidance on safely handling a compressed archive, or do you have a specific question about the hypothetical contents (e.g., report format, anonymization, or parsing)?
Technically, a .tar.gz file (or "tarball") is a compressed archive commonly used in Linux and Unix-based systems to bundle multiple files into a single, smaller package. However, in the context of "mernis.tar.gz," it represents a massive cache of sensitive data—including full names, Turkish ID numbers (TC Kimlik No), dates of birth, and home addresses—that has circulated online since at least 2016. The History of the MERNİS Leak The MERNİS project was originally designed as a centralized database to streamline government services using unique personal identification numbers. The leak’s origins are complex: The 2010 Breach : Government officials later claimed the leaked data was "an old story" from 2010, allegedly stolen by staff members who sold physical copies on DVDs. The 2016 Viral Spread : In early 2016, the data became widely available via peer-to-peer (P2P) file-sharing services in a file roughly 1.5 GB to 6.6 GB in size (depending on compression). Political Motivation : The site originally hosting the data featured messages mocking the Turkish government's technical infrastructure and political leadership. Content and Security Risks The "mernis.tar.gz" file typically contains a large SQL database file ( mernis.sql ). Its exposure poses severe long-term risks: mernis.sql.tar.gz - ekşi sözlük