Odido Customer Contact System Breach Exposes Data of 6.2 Million Customers
Dutch telecommunications provider Odido disclosed a cyberattack in which threat actors gained unauthorized access to a customer contact/CRM system and downloaded personal data associated with approximately 6.2 million customer accounts. Odido stated the intrusion was detected over the February 7–8 weekend and that access was terminated as quickly as possible; the company also reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and engaged external cybersecurity experts to support investigation and additional defensive measures. Odido said its telecom operations were not disrupted, and no threat actor group has publicly claimed responsibility; reporting also notes the attackers allegedly contacted Odido to assert they had stolen millions of records.
Exposed data varies by customer but may include full name, address/place of residence, mobile number, customer number, email address, IBAN bank account number, date of birth, and identification document details (e.g., passport/driver’s license number and validity). Odido emphasized that passwords (including for the My Odido portal), call logs, location data, invoice/billing details, and scans of ID documents were not affected. Odido is notifying impacted individuals via email from info@mail.odido.nl or by SMS, and warned that the stolen data could be used for impersonation and phishing attempts that appear to come from Odido.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Odido begins notifying affected customers and warns of phishing risks
Starting on 2026-02-12, Odido said it would contact impacted individuals by email or SMS within 48 hours with details about what data was affected. The company warned customers to watch for impersonation, phishing, and fraud attempts using the stolen information.
Odido publicly discloses breach affecting 6.2 million accounts
On 2026-02-12, Odido confirmed that a cyberattack exposed personal data from about 6.2 million customer accounts. The company said exposed data could include names, addresses, contact details, dates of birth, IBANs, and government ID details, while passwords, call logs, location data, billing details, and ID scans were not affected.
Odido reports the breach to the Dutch Data Protection Authority
After confirming the incident, Odido notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens/AP) about the data breach. This regulatory notification was part of the company's formal response to the compromise.
Odido detects the breach and blocks unauthorized access
Over the weekend of 2026-02-07 to 2026-02-08, Odido detected signs of the intrusion, terminated the unauthorized access, and began investigating the incident. The company engaged internal and external cybersecurity experts and added monitoring and security controls.
Attackers access Odido customer contact system and steal customer data
On 2026-02-07, attackers compromised Odido's customer contact/CRM system and downloaded customer data. The intrusion affected data tied to Odido customers and customers of subsidiary Ben, while core telecom services were not disrupted.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Dutch phone giant Odido says millions of customers affected by data breach - DataBreaches.Net
databreaches.net
Open sourceOdido reports cyberattack exposing data of 6.2 million customers | SC Media
scworld.com
Open sourceOdido Data Breach: 6.2 Million Customers Exposed - TheCyberThrone
thecyberthrone.in
Open sourceDutch telco Odido admits 6.2M customers affected in breach • The Register
go.theregister.com
Open sourceOdido Telecom Suffers Cyberattack - 6.2 Million Customer Accounts Affected
cybersecuritynews.com
Open sourceOdido data breach exposes personal info of 6.2 million customers
bleepingcomputer.com
Open sourceInformatiepagina cyberincident | Odido
odido.nl
Open sourceDutch mobile phone giant Odido announces data breach | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Odido Customer Data Breach and Extortion Leak Campaign
Dutch telecom **Odido** reported that attackers stole data on **6.2 million** current and former customers, while the threat actor claimed the dataset covers **8+ million** people and demanded **€1M+** in ransom, threatening to publish data in daily tranches if unpaid. Reporting indicates the company refused to pay, and the extortionists proceeded with a staged leak strategy intended to maximize public and media impact. Subsequent leak batches reportedly included not only typical customer identifiers (e.g., names, addresses, phone numbers, dates of birth, bank account numbers, and ID numbers) but also **internal customer-service notes** containing highly sensitive context such as stalking, threats, domestic violence, and protected addresses—creating potential **physical safety risks** for affected individuals. The leak cadence was described as multiple dumps over consecutive days (including a “final dump”), drawing significant national attention in the Netherlands and increasing the likelihood of intensified law-enforcement focus on the perpetrators.
Mar 27, 2026
ShinyHunters Claims Large-Scale Data Theft From Dutch Telecom Odido
**ShinyHunters** has claimed responsibility for breaching Dutch telecommunications provider **Odido** (and brand **BEN**) and stealing a much larger dataset than the company initially indicated. Odido previously disclosed that attackers accessed its customer contact system and downloaded customer data, reporting the incident to the Dutch Data Protection Authority, cutting off attacker access, and bringing in external incident-response support. Odido said the exposed data varied by customer and could include identifiers and contact details such as name, address, mobile number, customer number, email address, **IBAN**, date of birth, and some ID details (e.g., passport/driver’s license numbers and validity), while stating that Mijn Odido passwords, call/location/data/billing details, and scans of identity documents were not exposed. ShinyHunters subsequently listed Odido on its leak site and alleged theft of **~21 million records** tied to **~8 million customers**, asserting Odido downplayed the scope. The gang’s claims also include highly sensitive elements—most notably **plaintext passwords**—and additional materials such as internal corporate documents and source code, which (if accurate) would materially increase risks of credential stuffing/account takeover, identity fraud, and follow-on intrusion. At the time of reporting, the expanded dataset details (including plaintext passwords and source code) were presented as **attacker claims** rather than independently confirmed by Odido.
Mar 26, 2026
Dutch Organizations Report Data Breaches and Extended Unauthorized Access
Dutch authorities reported a prolonged compromise at the Dutch prisons agency **DJI**, where attackers reportedly maintained access for at least **five months**. Exposed information included staff **email addresses, phone numbers, and security certificates**, and the Dutch NCSC indicated the intruders also accessed **phones, tablets, and laptops**, though the extent of data access on those endpoints was not confirmed; DJI did not confirm whether access had been fully removed. Separately, Dutch telecom **Odido** disclosed a **data breach followed by an extortion attempt**, after which attackers publicly released about **1M records** (including **317k unique email addresses**) and threatened additional leaks. The published data reportedly included **names, physical addresses, phone numbers, bank account numbers**, and customer-service notes; Odido’s notice also warned that **dates of birth** and government ID numbers (passport/driver’s license) were impacted. A **Canadian Tire** breach entry describes a different incident in Canada (October 2025) involving ~**42M records** with PBKDF2-hashed passwords and some partial payment-card metadata, and is not part of the Netherlands-focused events above.
Mar 21, 2026