According to a recently published notification from the official Turkish regulator, the Personal Data Protection Authority (KVKK), the restaurant chain Baydöner Restoranları A.Ş. reported a data breach that began on February 15, 2026, but remained undetected until March 8. The breach was caused by the compromise of a third-party customer support and contact center management platform.

The exact number of affected individuals and the scope of the compromised data are still being audited. However, the restaurant chain’s user database contains records for approximately 1.5 million customers.

Compromised data types:

• Full names
• Phone numbers and email addresses
• Turkish national identity number
• Application passwords
• Order and delivery information

This marks the second major incident in the Turkish restaurant sector in recent months. In January 2026, the Köfteci Yusuf chain was attacked, resulting in the compromise of data belonging to over 150,000 customers and 13,000 employees.

On March 16, 2026, another incident came to light: a cyberattack on the private Royal Bahrain Hospital, for which the Payload ransomware group claimed responsibility. The attackers utilized a double extortion tactic, stealing 110 GB of data – encrypting local systems and threatening to publish the stolen information on their Tor-based leak site. As proof, they released images of the stolen files and set a deadline for payment of the demanded ransom: March 23.

Payload utilizes complex encryption algorithms and actively deletes shadow copies to make data recovery more difficult for those who do not pay. While the exact list of compromised data types has not been disclosed, patients and hospital staff could face risks of personal data leaks, medical fraud, and targeted phishing attacks.

In the case of Royal Bahrain Hospital, a successful attack required the hackers to exfiltrate confidential information from the corporate perimeter without being detected. During the exfiltration stage, a modern Next-Gen DLP (Data Leak Prevention) system can stop attackers, even if the malware uses non-standard communication channels.

When attackers employ standard protocols (HTTPS, FTPs, WebDav), DLP blocks the transfer based on file analysis, rather than the source. This enables it to effectively prevent data leaks caused either by user negligence or by malicious software. If attackers use more sophisticated proprietary protocols, an advanced DCAP (Data-Centric Audit and Protection) system can intervene, intercepting process attempts to access confidential files and blocking them – before the data ever leaves the device.

Proactive protection based on DLP and DCAP can prevent even this type of attack scenario through software intervention during the data exfiltration phase. DLP isn’t just a protection tool from insider threats. Discover how it blocks hacker intrusions – download our materials.