Odido Data Breach: 6.2 Million Customers’ Info Exposed
▼ Summary
– Dutch telecom provider Odido suffered a cyberattack that exposed the personal data of approximately 6.2 million customers.
– The breach, detected on February 7, involved the compromise of a customer contact system, but did not affect passwords, call logs, or billing information.
– Exposed data varies per customer and can include names, addresses, contact details, IBAN numbers, dates of birth, and identification numbers.
– Odido has blocked the unauthorized access, notified authorities and customers, and engaged cybersecurity experts to strengthen its security.
– There is currently no public evidence that the stolen data has been leaked or confirmation of who is responsible for the attack.
A major Dutch telecommunications company has confirmed a significant data breach, with personal information belonging to millions of its customers compromised in a recent cyberattack. The provider, which operates under the name Odido, announced that unauthorized individuals gained access to its customer contact system, leading to the exposure of sensitive data for a substantial portion of its user base.
The incident was first detected during the weekend of February 7th, prompting an immediate internal investigation supported by external cybersecurity professionals. The attackers managed to infiltrate the company’s customer contact platform, downloading a vast trove of personal records. According to the firm’s statements to Dutch media, the threat actors themselves made contact to claim responsibility for stealing millions of data points.
While the full scope is still being assessed, Odido has indicated that approximately 6.2 million customers are impacted by this security failure. The company moved swiftly to block the unauthorized access and has formally reported the breach to the Dutch Data Protection Authority, known as the Autoriteit Persoonsgegevens, as required by law.
The type of information exposed varies from individual to individual but potentially includes a range of highly sensitive details. The compromised data fields may consist of a customer’s full name, physical address and place of residence, mobile telephone number, and unique customer identifier. Furthermore, the breach could involve email addresses, IBAN bank account numbers, dates of birth, and specific identification data such as passport or driver’s license numbers alongside their validity dates.
Odido has been careful to clarify what was not accessed in the attack. The company assures customers that passwords, call history logs, precise location data, billing information, and actual scanned copies of identification documents remained secure and were not part of the data exfiltrated by the hackers.
In response to the breach, the telecommunications provider is undertaking several corrective measures. All affected customers are being notified via email, with communications expected to be delivered within a 48-hour window. Beyond blocking the initial point of entry, Odido states it has reinforced its security protocols, enhanced system monitoring for anomalous activity, and continues to work with third-party cybersecurity experts to manage the incident and prevent future occurrences.
As of now, there is no public evidence that the stolen data has been released on the internet or dark web forums. The identity and motives of the attackers remain unknown. Odido, formed in 2023 from the rebranding of T-Mobile Netherlands and Tele2 Netherlands, is one of the country’s leading providers of mobile, broadband, and television services.
(Source: Bleeping Computer)
