Odido Data Breach Exposes Personal Information of 6.2 Million Customers

What happened

Dutch telecommunications provider Odido disclosed that a cyberattack exposed personal data belonging to approximately 6.2 million customers after attackers breached its customer contact system. The company detected the incident on February 7 and launched an investigation with internal and external cybersecurity experts. According to Odido, threat actors gained unauthorized access to a customer contact system and downloaded personal information stored in that environment. Exposed data may include full names, addresses, mobile numbers, email addresses, customer numbers, IBAN account numbers, dates of birth, and identification data such as passport or driver’s license details. Odido stated that passwords, call logs, billing information, and identification document scans were not affected. The company blocked unauthorized access, reported the breach to the Dutch Data Protection Authority, and began notifying impacted customers while strengthening monitoring and security controls. 

Who is affected

Approximately 6.2 million customers of Odido are affected, as attackers accessed personal information stored in the company’s customer contact system, including identifying and contact details associated with telecommunications accounts. 

Why CISOs should care

The compromise of a telecommunications provider’s customer contact system highlights how centralized customer data repositories can become high-value targets for attackers seeking large volumes of personal and financial information. 

3 practical actions

• Secure customer contact systems. Ensure access controls and monitoring protect centralized repositories containing customer information.
• Notify affected individuals. Inform impacted customers promptly and provide guidance on protecting their personal data.
• Strengthen security monitoring. Increase detection and response capabilities to identify unauthorized access and prevent further compromise.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity