What Happened
In the baydoner.com (Baydöner) data breach disclosed in March 2026, the Turkish restaurant chain Baydöner (domain baydoner.com) suffered a compromise that was later published on a public hacking forum, exposing about 1.26–1.3 million customer records. The incident occurred around March 8, 2026 (with regulatory reporting on March 12) and exposed email addresses, names, phone numbers, cities/geographic locations, genders, plaintext passwords, dates of birth, government-issued IDs (including some Turkish national ID numbers), and purchase details. According to Baydöner’s disclosure and subsequent listings, payment and financial data were reportedly not affected, but the breadth of personal data and the presence of plaintext passwords created elevated risks of phishing, account takeover, and identity misuse for affected customers.
