Overview
- Odido detected the breach over the weekend of February 7–8, cut off unauthorized access, and brought in external cybersecurity experts.
- Exposed data may include names, addresses, phone numbers, email addresses, dates of birth, IBAN bank numbers, and passport or ID numbers, while passwords, call, billing, location data, and ID scans were not affected.
- Roughly 6.2 million people were impacted, including Odido and Ben customers, while Simpel customers were not affected.
- Notifications are being sent by email or SMS with individualized details of what was accessed, and the incident has been reported to the Dutch Data Protection Authority.
- No public dump of the stolen data or attacker attribution has been verified, and customers are being warned about possible impersonation and fake invoices.