Odido data breach exposes personal info of 6.2 million customers

Published: February 12, 2026 at 01:18 PM EST

Source: Bleeping Computer

Dutch telecommunications provider Odido is warning that it suffered a cyber‑attack that reportedly exposed the personal data of 6.2 million customers.

Odido is one of the largest mobile and telecommunications providers in the Netherlands, offering mobile, broadband, and television services to millions of customers nationwide. The company was formed in 2023 through the rebranding of T‑Mobile Netherlands and Tele2 Netherlands.

The company says it detected the incident on the weekend of 7 February and launched an investigation with internal and external cybersecurity experts.

Breach overview

Odido says that the attackers breached its customer‑contact system, allowing them to download the personal data of many customers.

“Odido has been hit by a cyber‑attack, which compromised customer data,” the company warns.
“This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information were affected.”
— Odido security notice

Odido told Nu.nl that the breach affects 6.2 million customers, and that the threat actors contacted the company to claim they stole millions of records.

After learning of the breach, Odido immediately blocked the unauthorized access to its customer‑contact information and reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Exposed customer information

The exposed information varies per customer but may include:

  • Full name
  • Address and place of residence
  • Mobile number
  • Customer number
  • Email address
  • IBAN (account number)
  • Date of birth
  • Identification data (passport or driver’s licence number and validity)

The company emphasized that passwords, call records, location data, invoice details, and scans of identification documents were not affected.

Company response

Odido is emailing all impacted customers; notifications should be received within 48 hours. The company has:

  • Blocked the unauthorized access
  • Strengthened security controls
  • Increased monitoring for suspicious activity
  • Engaged external cybersecurity experts for incident response and mitigation

Investigation status

At this time, BleepingComputer has found no evidence that the data has been publicly leaked, nor have the attackers been identified.
