Dutch telecom giant Odido suffers data breach, 6.2M records exposed
What's the story
Dutch telecom giant Odido has confirmed a major data breach, compromising the personal information of over 6.2 million customers. The company revealed that hackers gained unauthorized access to its customer contact system and downloaded a large amount of sensitive information. This incident is one of the largest data breaches in the Netherlands, affecting nearly one-third of the country's population.
Data details
What information was stolen?
The stolen data from the Odido breach includes customer names, phone numbers, postal and email addresses, dates of birth, bank account numbers (IBAN), and government ID details like passport or driver's license numbers and their validity periods. The company has stressed that the compromised information does not include call records, location data, billing information or scans of government IDs.
Company actions
Odido's business and competitors
Odido, which was formerly T-Mobile's Dutch business, was acquired by private equity firms Apax and Warburg Pincus in 2021. The company serves around eight million customers and competes with KPN and VodafoneZiggo in the Dutch market. Following the breach, Odido has terminated unauthorized access to its systems and assured users that their phones are safe to use.
Ongoing probe
Investigation launched into the breach
The company launched an investigation into the possible breach on February 7 with the help of internal and external experts. Odido has also reported the incident to Dutch privacy and data protection watchdog, AP. The company is notifying all affected customers via email or text within 48 hours of the breach announcement.
Attack method
Hackers used phishing attack to gain access
The hackers behind the Odido breach used a phishing attack to trick customer service staff into giving them access. They posed as IT support staff to bypass security checks. This incident comes amid a global rise in telecom hacks, highlighting the need for heightened cybersecurity measures in the industry.