• Home
  • cyber
  • Odido: Stolen Odido data worth “gold” for criminals
cyber Breach

Odido: Stolen Odido data worth “gold” for criminals

Feb 12, 2026 2 min read
Odido: Stolen Odido data worth “gold” for criminals

Massive Data Breach at Dutch Telecom Provider Odido Exposes 6.2 Million Accounts

Dutch telecom provider Odido has reported one of the largest data breaches in the Netherlands, with sensitive information from 6.2 million customer accounts compromised. The company began notifying affected users on Thursday at 12 p.m., though the exact number of impacted individuals remains unclear as the investigation continues.

The stolen data varies by account but may include full names, addresses, phone numbers, email addresses, IBAN bank account numbers, dates of birth, and passport or driver’s license numbers a combination cybersecurity experts describe as unusually valuable for criminals. Notably, passwords, call logs, location data, billing details, and ID document scans were not accessed.

Ethical hacker Sijmen Ruwhof warned that the breach poses severe risks, including highly convincing phishing attacks where criminals use real customer details to impersonate legitimate companies. Fraudsters could also exploit the data to bypass authentication checks, taking out contracts or committing financial fraud in victims’ names. Matthijs Koot, another security expert, highlighted the risk of helpdesk fraud, bank scams, and targeted espionage, noting that hostile intelligence services could use the data to track politicians, government employees, or critical infrastructure workers.

The breach also raises concerns about stalking, doxxing, and organized crime, as criminals including drug offenders could use the data to identify individuals using regular phone subscriptions. Ruwhof criticized Odido’s security measures, stating that the scale of the leak suggests a failure in cybersecurity controls at the time of the incident. While the company has not disclosed whether hackers made ransom demands, experts warn the data could be sold or used for extortion.

Odido CEO Tisha van Lammeren emphasized that notifications were delayed to avoid misinformation but did not comment on the adequacy of the company’s security. She acknowledged the sophistication of cybercriminals while reiterating that customer safety remains the top priority. The full impact of the breach is still under assessment.

Source: https://nltimes.nl/2026/02/14/stolen-odido-data-worth-gold-criminals

Odido TPRM report: https://www.rankiteo.com/company/odido

"id": "odi1771093701",
"linkid": "odido",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '6.2 million',
                        'industry': 'Telecommunications',
                        'location': 'Netherlands',
                        'name': 'Odido',
                        'type': 'Telecom Provider'}],
 'customer_advisories': 'Notifications sent to affected users on Thursday at '
                        '12 p.m.',
 'data_breach': {'number_of_records_exposed': '6.2 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full names',
                                              'Addresses',
                                              'Phone numbers',
                                              'Email addresses',
                                              'IBAN bank account numbers',
                                              'Dates of birth',
                                              "Passport or driver's license "
                                              'numbers']},
 'description': 'Dutch telecom provider Odido has reported one of the largest '
                'data breaches in the Netherlands, with sensitive information '
                'from 6.2 million customer accounts compromised. The stolen '
                'data includes full names, addresses, phone numbers, email '
                'addresses, IBAN bank account numbers, dates of birth, and '
                "passport or driver's license numbers. The breach poses severe "
                'risks including phishing attacks, fraud, and targeted '
                'espionage.',
 'impact': {'brand_reputation_impact': 'Severe',
            'data_compromised': '6.2 million customer accounts',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Possible'},
 'investigation_status': 'Ongoing',
 'motivation': ['Financial Gain', 'Espionage', 'Fraud'],
 'post_incident_analysis': {'root_causes': 'Failure in cybersecurity controls'},
 'references': [{'source': 'Ethical hacker Sijmen Ruwhof'},
                {'source': 'Security expert Matthijs Koot'}],
 'response': {'communication_strategy': 'Notifications sent to affected users'},
 'title': 'Massive Data Breach at Dutch Telecom Provider Odido Exposes 6.2 '
          'Million Accounts',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.