According to a notification published on April 15 by the Turkish Data Protection Authority (KVKK), the language school network English Time (English Time Eğitim Kurumları AŞ) fell victim to a cyberattack targeting its CRM system.
The breach, which occurred between April 4 and April 12, resulted in unauthorized access to the personal data of approximately 300,000 individuals, including employees, students, users, subscribers, and customers.
The data categories affected by the data breach include:
For students:
- Identity information (name, date of birth)
- Contact (email address, phone number)
- Address information
- Customer transaction data (registration date, contract and payment information)
For others:
- Identity
- Contact
- Address information
English Time acted swiftly, confirming the incident via an official statement on its website to students, their parents and partners. However, according to the company, the data breach was detected on the same day the access attempt occurred. The company reported that the attack originated from multiple international IP addresses, resulting in unauthorized access to a portion of student registration information only.
The company stated that immediately after detecting the situation, all access was blocked, the relevant accounts were disabled, and necessary control measures were implemented. On the same day, the company notified the Personal Data Protection Authority (KVKK), filed a complaint with judicial authorities, and sent SMS notifications to the affected clients. English Time specifically emphasized that no financial information (credit cards, IBAN, etc.) was compromised.
Beyond reputation management, the English Time case shows that public breach notifications are a critical compliance measure. They enable affected parties to stay vigilant and respond proactively, while helping the company mitigate significant administrative risks under KVKK regulations.
Global cryptocurrency exchange Kraken recently disclosed an extortion attempt by a cybercriminal group threatening to release videos of internal systems containing customer data.
According to Kraken's Chief Security Officer, Nick Percoco, the incident did not put client funds at risk and is linked to insider threat – specifically, two instances of improper access to a limited set of customer data by support staff members. Percoco stated that the company will not pay a ransom or negotiate with the extortionists. "It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors", – Percoco wrote on X (formerly Twitter).
The investigation began after a tip from a trusted source in February 2025 revealed that cybercriminals were circulating a video demonstrating access to Kraken's customer support systems. The exchange soon identified a support employee who had been recruited by the attacker. Later, the company received information about a second, more recent video showing another instance of insider access to its systems.
In both cases, Kraken responded immediately: employee access was revoked, investigations were launched, and controls were strengthened. Where data exposure was confirmed, the company directly notified the affected users. According to the CSO, the incident impacted only about 2,000 accounts – just 0.02% of Kraken's user base. Furthermore, the exposed information was limited to customer support interaction data.
The criminals threatened to distribute materials from both incidents to media outlets and on social media if the company did not comply with their demands. The company’s management refused to pay the ransom, choosing instead to cooperate with law enforcement to bring the perpetrators to justice.
The case of Kraken demonstrates how a single compromised employee with limited access can trigger a chain of extortion and reputational damage played out in public media. In a world where sensitive data is a primary target, insider threats are a major concern across all industries. Your organization's resilience now depends on how quickly you can detect these internal risks and how transparently you manage the response.
Don’t wait for a compromised or malicious insider to turn your company’s data into an extortion headline. Secure your perimeter against insider risks with SearchInform Risk Monitor, a sophisticated Next-Gen DLP system. Request a free 30-day trial and take control of your risk management.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!