Odido Data Breach: Millions of Customer Records Exposed in Major Cyberattack

Telecom provider Odido has confirmed a massive cyberattack that compromised sensitive information linked to 6.2 million customer accounts. The breach also affected customers of Ben, a subsidiary of Odido, though Simpel users were not impacted.

What Happened in the Odido Hack

Criminals gained access to a customer contact system containing personal details such as:

• Full name, home address, and phone number
• Email address and customer number
• Account details and date of birth
• Identity document numbers and expiration dates (passports, driver’s licenses)

Odido stressed that passwords, billing data, and call records were not part of the leak. The attack was discovered over the weekend, prompting an immediate investigation with cybersecurity experts.

Why Odido data breach Is Dangerous

This type of personal data is highly valuable to cybercriminals. With names, addresses, and birth dates, attackers can craft convincing phishing emails, texts, or calls. For example, scammers might impersonate Odido and claim that a bill is unpaid, tricking customers into sharing financial details.

Even more concerning, the exposure of identity document numbers raises the risk of identity theft. Fraudsters could attempt to open accounts or services in victims’ names.

Odido’s Response

• The company has reported the incident to the Dutch Data Protection Authority (AP).
• The AP is monitoring Odido’s actions to ensure compliance with privacy regulations.
• Affected customers will receive an official email within 48 hours.
• Odido has not disclosed whether hackers demanded ransom or blackmailed the company.

Importantly, Odido’s telecom services remain fully operational—customers can still make calls, use mobile data, and watch TV without disruption.

What Customers Should Do

Odido advises all customers to remain vigilant. Here are practical steps to protect yourself:

• Be cautious with communications: Treat unexpected emails, texts, WhatsApp messages, or calls with suspicion.
• Verify before clicking: Don’t open links or attachments unless you’re certain they’re legitimate.
• Monitor accounts: Regularly check bank statements and government portals for unusual activity.
• Update passwords: While no passwords were leaked, refreshing them is a good security habit.
• Check ID security: If your passport or driver’s license details were exposed, consider contacting Dutch authorities for guidance.