Dutch telecom provider Odido confirmed a data breach affecting approximately 6.2 million customers, revealing the compromise of personal information including names, home and email addresses, phone numbers, dates of birth, bank account numbers, and ID document details. The company first detected unusual activity during the weekend of February 7-8 and immediately alerted the Dutch Data Protection Authority.
Even as Odido asserts that passwords, call logs, billing information, and scans of identification documents were not accessed, the scale of the breach positions it as one of the largest data leaks in Dutch history. The compromised data includes customers of Ben, another mobile network operator owned by Odido, though Simpel, a low-cost brand similarly under Odido’s umbrella, was unaffected.
Odido has begun notifying affected individuals via email (info@mail.odido.nl) or SMS, with each message tailored to specify the exact data compromised in their case. The company is warning customers to be vigilant against potential scams leveraging the stolen information for financial gain, particularly impersonation attempts by criminals posing as Odido, their bank, or other entities.
The breach occurred through a sophisticated phishing attack, where hackers impersonated an IT employee to gain access to Odido’s customer relationship management system, according to anonymous sources. Odido has stated that the stolen data has not yet been publicly released, but acknowledges the possibility of its future online publication.
Odido, acquired by private equity firms Apax and Warburg Pincus in 2021, competes with KPN and VodafoneZiggo in the Dutch telecommunications market, serving around 8 million customers. The company is cooperating with authorities and has initiated internal investigations to determine the full extent of the security lapse and prevent future incidents.
