Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers.
Odido is one of the largest mobile and telecommunications providers in the Netherlands, offering mobile, broadband, and television services to millions of customers nationwide. The company was formed in 2023 through the rebranding of T-Mobile Netherlands and Tele2 Netherlands.
The company says they detected the incident on the weekend of February 7 and launched an investigation with internal and external cybersecurity experts.
Odido says that the attackers breached their customer contact system, allowing them to download the personal data of many of its customers.
“Odido has been hit by a cyberattack, which compromised customer data,” warns the company.
“This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information were affected.”
Odido told Nu.nl that the breach affects 6.2 million customers, and that the threat actors contacted the company to say they stole millions of records.
After learning of the breach, Odido says they immediately blocked the unauthorized access to its customer contact information and reported the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Odido says the exposed information varies per customer but may include:
- Full name
- Address and place of residence
- Mobile number
- Customer number
- Email address
- IBAN (account number)
- Date of birth
- Identification data (passport or driver’s license number and validity)
However, the company emphasized that passwords, call records, location data, invoice details, and scans of identification documents were not affected.
The company is now emailing all impacted customers who should receive the notification within 48 hours.
Odido says it has now blocked the unauthorized access, strengthened security controls, increased monitoring for suspicious activity, and engaged external cybersecurity experts to assist with incident response and mitigation.
At this time, BleepingComputer has found no evidence that the data has been publicly leaked or who is behind the attack.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.