Recent incidents in Turkey affected individuals whose personal data was leaked or even sold online. Meanwhile, Nigeria’s data protection authority has launched its largest investigation to date, targeting more than 1,300 organizations across high-risk sectors.
Without further delay, let’s get to the main story. The Turkish data protection authority (KVKK) recently published several announcements about security incidents.
The first case involves Board by Board, an HR service provider for job seekers. According to the official report, the incident was caused by a system misconfiguration during the rollout of a new feature. This error exposed résumé data belonging to 3,168 users. The scope of the leaked information varied depending on what individuals had included in their CVs. While some resumes contained only basic details such as first and last name, others included contact information, employment history, education records, photos, or other sensitive data.
The second case concerns the Turkish Medical Association. In August 2025, the Association’s systems were targeted by unknown attackers. The cyberattack resulted in the deletion of records related to both members and employees. Preliminary findings suggest that more than 100,000 individuals may have been affected. The compromised data included:
The third incident involved Biletal İç ve Dış Ticaret A.Ş., a trading company. Approximately 7,800 customers were affected. The exposed data included:
Investigators confirmed that the stolen data was lateroffered for sale on illegal platforms.
These cases serve as a reminder that strong security practices, continuous monitoring, and strict compliance with data protection laws are essential to safeguard both organizations and the people who trust them with their data.
The Nigeria Data Protection Commission (NDPC) has announced its largest enforcement campaign to date under the Nigeria Data Protection Act (NDPA) of 2023. The regulator is investigating 1,369 companies suspected of violating data privacy regulations as part of a broader, sector-by-sector inspection effort.
Organizations that received notices are required to prove compliance with the NDPA within 21 days or risk sanctions. The list of companies under scrutiny includes:
According to Nigerian experts, the next wave of investigations is likely to focus on other high-risk sectors that process large volumes of personal and sensitive data, including:
Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at the NDPC, emphasized:
“Failure to comply with the compliance notice may result in enforcement actions, including enforcement orders, administrative fines, and/or criminal prosecution in accordance with the NDPA.”
The notices require organizations to provide:
Compliance can be a challenging task for both public organizations and private businesses. However, most regulators have now begun active enforcement campaigns following initial grace periods. Failure to comply may result in legal action and substantial fines.
The SearchInform team helps businesses navigate compliance requirements by offering advanced investigation tools that support local languages and powerful protective capabilities with built-in reporting templates. Our Next-Gen Data Loss Prevention (DLP) system, Risk Monitor, not only provides effective protection against accidental and intentional data leaks but also simplifies compliance reporting.
In addition, the Next-Gen DLP solution protects organizations against corporate fraud. All of these capabilities are integrated into a single, unified platform.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!