Dutch telecom provider Odido has been hit by a cyberattack in which millions of customer records were stolen.
Dutch telecom provider Odido is investigating a cyberattack in which the personal data of millions of customers was compromised, but also states that passwords and billing information remained secure.
Breach of customer contact system
According to a security notice from Odido, the incident was discovered on the weekend of February 7, after which an internal and external investigation was immediately launched. Attackers gained access to a customer contact system and were able to download large amounts of personal data. The company confirmed to Nu.nl that this involves data from approximately 6.2 million current and former customers.
The impact varies per customer, but may include names, addresses, cities, mobile numbers, customer numbers, and email addresses. In some cases, IBAN numbers, dates of birth, and identification details such as passport or driver’s license numbers and expiration dates are also involved. Odido emphasizes that passwords, call logs, location information, invoices, and copies of identity documents were not stolen.
Report to regulator and customers
Following the discovery of the attack, Odido blocked the unauthorized access and reported the data breach to the Dutch Data Protection Authority. In addition, all affected customers are being informed via email; they should receive this notification within 48 hours.
Odido says it has taken additional security measures, including tightening access controls and improving monitoring for suspicious activity. Furthermore, external cybersecurity specialists have been brought in to further analyze the incident and prevent a recurrence. The investigation into the exact cause and possible misuse scenarios is still ongoing. Odido states it will keep customers informed as soon as there is more clarity.