Recent incidents in Turkey affected individuals whose personal data was leaked or even sold online. Meanwhile, Nigeria’s data protection authority has launched its largest investigation to date, targeting more than 1,300 organizations across high-risk sectors.
Without further delay, let’s get to the main story. The Turkish data protection authority (KVKK) recently published several announcements about security incidents.
The first case involves Board by Board, an HR service provider for job seekers. According to the official report, the incident was caused by a system misconfiguration during the rollout of a new feature. This error exposed résumé data belonging to 3,168 users. The scope of the leaked information varied depending on what individuals had included in their CVs. While some resumes contained only basic details such as first and last name, others included contact information, employment history, education records, photos, or other sensitive data.
The second case concerns the Turkish Medical Association. In August 2025, the Association’s systems were targeted by unknown attackers. The cyberattack resulted in the deletion of records related to both members and employees. Preliminary findings suggest that more than 100,000 individuals may have been affected. The compromised data included:
- National ID numbers
- Contact details
- Location information
- Other sensitive records
The third incident involved Biletal İç ve Dış Ticaret A.Ş., a trading company. Approximately 7,800 customers were affected. The exposed data included:
- National ID numbers
- Contact details
- Customer transaction history
Investigators confirmed that the stolen data was lateroffered for sale on illegal platforms.
These cases serve as a reminder that strong security practices, continuous monitoring, and strict compliance with data protection laws are essential to safeguard both organizations and the people who trust them with their data.
The Nigeria Data Protection Commission (NDPC) has announced its largest enforcement campaign to date under the Nigeria Data Protection Act (NDPA) of 2023. The regulator is investigating 1,369 companies suspected of violating data privacy regulations as part of a broader, sector-by-sector inspection effort.
Organizations that received notices are required to prove compliance with the NDPA within 21 days or risk sanctions. The list of companies under scrutiny includes:
- 795 financial institutions,
- 392 insurance brokers,
- 192 gaming companies,
- 35 insurance companies,
- 10 pension firms.
According to Nigerian experts, the next wave of investigations is likely to focus on other high-risk sectors that process large volumes of personal and sensitive data, including:
- Aviation,
- Telecommunications,
- E-commerce,
- Healthcare.
Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at the NDPC, emphasized:
“Failure to comply with the compliance notice may result in enforcement actions, including enforcement orders, administrative fines, and/or criminal prosecution in accordance with the NDPA.”
The notices require organizations to provide:
- Evidence of filing their 2024 NDPA compliance audit returns;
- Proof of appointing a Data Protection Officer (DPO);
- A summary of their technical and organizational measures for data protection;
- Evidence of registration as a Data Controller or Data Processor of Major Importance.
Compliance can be a challenging task for both public organizations and private businesses. However, most regulators have now begun active enforcement campaigns following initial grace periods. Failure to comply may result in legal action and substantial fines.
The SearchInform team helps businesses navigate compliance requirements by offering advanced investigation tools that support local languages and powerful protective capabilities with built-in reporting templates. Our Next-Gen Data Loss Prevention (DLP) system, Risk Monitor, not only provides effective protection against accidental and intentional data leaks but also simplifies compliance reporting.
In addition, the Next-Gen DLP solution protects organizations against corporate fraud. All of these capabilities are integrated into a single, unified platform.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!