Last updated 3 weeks ago
In March 2026, Turkish restaurant chain Baydöner suffered a data breach exposing 1,266,822 customer records. The breach was publicly disclosed in March 2026 when the data appeared on a hacking forum, though the exact discovery timeline remains unspecified. The exposure affected a significant portion of the company's customer base across its restaurant locations.
The breach resulted in unauthorized access to customer databases containing email addresses, names, phone numbers, cities of residence, and plaintext passwords. A subset of records included sensitive personally identifiable information including Turkish national ID numbers and dates of birth. The company confirmed payment and financial data remained unaffected by the incident.
Baydöner issued a disclosure notice acknowledging the breach and confirming the scope of compromised data types. The company did not report any regulatory actions, litigation, or ransom payments in their public statement.
Data breach subsequently published to a public hacking forum
The Baydöner breach demonstrates critical failures in password storage practices within the retail food service industry, where storing passwords in plaintext represents a fundamental security control violation. The exposure of national ID numbers alongside other PII in a restaurant chain context highlights inadequate data classification and protection measures for sensitive customer information beyond basic contact details.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector