Turkish restaurant chain Baydöner suffered a data breach in March 2026 exposing over 1.2 million customer records including names, email addresses, phone numbers, and plaintext passwords.
What happened
According to HIBP, Baydöner, a Turkish restaurant chain, experienced a data breach in March 2026. The incident was discovered and the compromised data was subsequently published to a public hacking forum, with disclosure added to HIBP on March 15, 2026.
What was exposed
The breach exposed over 1.2 million unique email addresses along with names, phone numbers, cities of residence, and plaintext passwords. A smaller subset of records also included Turkish national ID numbers and dates of birth. According to Baydöner's disclosure notice, payment and financial data was not affected.
Who is affected
Approximately 1.27 million customer accounts were impacted by the breach.
What to do now
Affected customers should change their password on Baydöner's platform and any other services where the same password was used. Monitor accounts for suspicious activity and consider placing a fraud alert with relevant authorities given the exposure of government-issued ID numbers in some records.