Overview
- Odido says attackers accessed its internal customer‑contact system on 7–8 February and downloaded a file containing customer information.
- Data that may be in the file include full name, address, mobile number, customer number, email, IBAN, date of birth and identification numbers from passports or driving licences.
- The affected system holds records for roughly 6.2 million customers, and Odido has notified impacted individuals by email or SMS and reported the breach to the Dutch Data Protection Authority.
- Local and national guidance advises heightened caution for phishing via email, SMS, WhatsApp or phone, and says the leaked details alone are not sufficient to open bank accounts, take out loans, start phone subscriptions or request new identity documents.
- Investigations are ongoing, and NOS reported—citing unnamed sources—that attackers may have gained access through phishing of customer‑service staff, a detail not confirmed by Odido.