Telecom provider Odido has disclosed a data breach affecting 6.2 million customers, after cybercriminals gained unauthorized access to its customer contact system and extracted sensitive personal data.
Although core services remain unaffected, sensitive information like full names, addresses, phone numbers, email addresses, bank account details, and identification numbers was exposed.
The incident was first detected during the weekend of February 7–8, 2026, when Odido's internal teams noticed suspicious activity within their systems. Immediate steps were taken to investigate and contain the breach, with external cybersecurity experts brought in to help secure the compromised environment and assess the extent of the leak. According to the company, the unauthorized access has since been terminated, and the breach has been formally reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Odido, one of the largest telecommunications providers in the Netherlands with millions of mobile, internet, and television customers, emphasized that the breach did not affect operational infrastructure. Customers can continue using all Odido services, including mobile calling, internet, and TV, without disruption. No passwords, call metadata, location data, or invoice records were exposed in the attack.
At the time of writing, there is no evidence that the stolen data has been published online, and CyberInsider found no claims on ransomware, data extortion portals, or hacking forums. However, Odido warns that the possibility of future exposure or misuse cannot be ruled out. The company is actively monitoring for signs of data circulation and has urged affected customers to remain vigilant against phishing attempts, fraudulent messages, and social engineering scams. Personal notifications are being sent to impacted individuals via email (from info@mail.odido.nl) or SMS, depending on the available contact details.
The attackers appear to have exploited vulnerabilities in Odido's customer contact system, enabling them to exfiltrate personal records in a targeted and covert manner. In response, Odido has implemented enhanced security measures, strengthened internal monitoring, and launched employee awareness campaigns to prevent similar intrusions in the future.
Customers of Odido are advised to be cautious of unsolicited communications that request personal or financial information, avoid clicking links from unknown contacts, and always verify the authenticity of invoices claiming to be from Odido.
Leave a Reply