Dutch telecom provider Odido has confirmed a large-scale cyberattack that compromised the personal data of more than 6 million customers across the Netherlands.
Quick Summary – TLDR:
- Over 6.2 million Odido and Ben customers had personal data exposed in a cyberattack on February 7 and 8.
- Stolen data includes names, birthdates, bank account numbers, and ID details like passports and driver’s licenses.
- Passwords, call logs, and billing data were not affected, and Odido’s services remain fully operational.
- The company has alerted authorities, launched an investigation, and is notifying impacted customers.
What Happened?
On the weekend of February 7, Odido discovered that hackers had gained unauthorized access to one of its customer contact systems. The breach exposed a wide range of personal data belonging to approximately 6.2 million users, including customers from its subsidiary brand Ben.
The telecom giant says it acted swiftly to cut off access, notify authorities, and begin alerting affected users.
Dutch telecommunications group Odido said it was hit with a cyberattack that compromised customer data, though services have remained operational https://t.co/A2e2FJVIi7
— Bloomberg (@business) February 12, 2026
A Closer Look at the Incident
Odido, formed in 2023 from the rebranding of T-Mobile Netherlands and Tele2 Netherlands, has become one of the largest telecom providers in the country, with around 8 million customers. It confirmed the data breach in an official statement, revealing that hackers targeted its customer contact system, not core service infrastructure.
Exposed Information Includes:
- Full names
- Physical addresses and place of residence
- Mobile phone numbers
- Email addresses
- Customer numbers
- Bank account numbers (IBAN)
- Date of birth
- Identification data such as passport or driver’s license numbers and their validity dates
Crucially, no passwords, call records, invoice details, or ID document scans were compromised. Odido clarified that services like mobile, broadband, and TV remained unaffected.
The hackers reportedly contacted the company to confirm that they had stolen millions of records. While no specific group has claimed responsibility for the attack, Odido stated that the data has not yet surfaced online. However, it warned customers that misuse or publication could still occur.
Odido said:
Odido’s Response and Next Steps
Immediately following the breach, Odido:
- Blocked unauthorized access to its systems.
- Engaged both internal and external cybersecurity experts for incident response.
- Reported the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
- Strengthened system monitoring and security controls.
The telecom company began notifying affected users via email and phone, stating that all impacted customers should expect to hear from them within 48 hours.
While the threat actor remains unidentified, the scale of the attack raises alarms for telecom security across Europe. Notably, the European Commission experienced a separate cyber incident earlier in the same week, though there is no public indication of a connection between the two events.
SQ Magazine Takeaway
Honestly, this is a wake-up call for every telecom customer. When a provider like Odido, with millions of users and strong infrastructure, gets hit this hard, it shows just how vulnerable personal data really is. I always say this, but double-check your email, monitor your bank accounts, and never click on weird links or calls claiming to be from your provider. Companies might fix their systems, but once your info is out there, it’s out there. This isn’t about just Odido, it’s about how prepared all our digital services need to be.
