- Odido cyberattack exposed sensitive data of 6.2 million Dutch customers
- Stolen details include names, addresses, phone numbers, IBANs, and ID document numbers
- Services remained unaffected; attackers unknown, data not yet seen on dark we
Dutch telecommunications company Odido has confirmed suffering a cyberattack and losing sensitive data on millions of people.
In a notice published on its website, the company says it “deeply regrets” the situation and is “fully committed” to limiting its impact.
“Based on investigation, the incident concerns personal data from a customer contact system used by Odido,” the notice, machine-translated, reads. “There are no passwords, call information, or billing information involved.”
Telcos are a prime target
The company also said that its services remain uninterrupted, and that the unauthorized access was terminated as soon as possible. Third-party cybersecurity experts were called to assist, and affected customers were notified.
The notice says nothing about the identity of the attackers, the nature of the incident, or the amount of people affected - however, speaking to local media, the company said 6.2 million customers were affected, and these lost a combination of the following:
Full name
Address and place of residence
Mobile number
Customer number
Email address
IBAN (account number)
Date of birth
Identification data (passport or driver's license number and validity)
The incident, which seemingly took place on February 7 2026, did not compromise passwords, call records, location data, invoice details, or scans of ID documents.
Odido is a major Dutch telecommunications provider offering mobile, fiber broadband and TV services to both consumers and business customers. It operates nationwide 5G and fiber networks and runs brands including Ben, Simpel and Tele2 Thuis. The telco serves around eight million customers and employs over 2,000 people, and in 2024, it generated roughly €2.3 billion in revenue (about $2.5 billion).
Due to the nature of the data they generate, telcos are often prime targets, especially for state-sponsored threat actors. So far, no groups assumed responsibility for this attack, and the data is yet to surface on the dark web.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
