Dutch telecommunications provider Odido has confirmed a massive data breach involving the personal information of over 6.2 million customers. The security incident, disclosed on Thursday, involves unauthorized access to the company’s internal customer contact systems, exposing sensitive data belonging to approximately one-third of the Dutch population.
Scope of the Exposed Data
According to an official statement from the company, unidentified hackers successfully exfiltrated extensive personal records. The compromised information includes:
- Full names and contact details (email and postal addresses)
- Phone numbers and dates of birth
- Bank account numbers (IBAN)
- Government-issued identification details, such as passport or driver’s license numbers and their respective validity dates
The breach impacts current subscribers and former customers who utilized Odido’s services within the last two years. The incident also extends to customers of the company’s subsidiary, Ben NL.
What Remains Secure
Odido clarified that several critical data points were not accessed during the cyberattack. The company confirmed that customer call logs, location tracking data, billing history, and physical image scans of government IDs remain intact. Furthermore, the breach does not affect business-tier clients, and the provider’s primary phone, internet, and television network operations remain fully functional.
A Growing Trend in Telco Cyberattacks
This incident is part of a broader, alarming trend of cyberattacks targeting global telecommunications giants. These entities remain prime targets for state-sponsored actors and financially motivated hackers seeking high-value personal and strategic data.
The telecommunications sector is currently facing heightened scrutiny. Recently, the Singaporean government reported that a China-linked hacking group infiltrated four of its leading phone carriers as part of a targeted surveillance campaign. Simultaneously, the threat group known as Salt Typhoon has compromised hundreds of telecommunications firms across the United Kingdom, the United States, Canada, and Norway, focusing on the espionage of diplomats and senior government officials.