Odido, formerly operating as T-Mobile Netherlands, disclosed that a cyberattack has resulted in the exposure of personal information linked to more than six million customer accounts. The breach is being described as one of the largest telecom-related data incidents in the Netherlands.
In an email sent to affected individuals, the company stated, “Odido was recently hit by a cyberattack carried out by cybercriminals. Based on the investigation, we believe that your data may have been affected.” According to the company, hackers accessed data from approximately 6.2 million accounts.
The compromised information includes customer names, addresses, telephone numbers, email addresses, bank account details, dates of birth, and passport or ID numbers. Odido clarified that no passwords, call logs, location data, invoice details, billing information, or scans of identity documents were exposed in the breach.
“Odido has been hit by a cyberattack, which compromised customer data. This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information were affected.” reads a notice published by the company on its website. “The unauthorized access to the system was terminated as quickly as possible. Odido also engaged external cybersecurity experts to assist with implementing additional security measures as part of the incident response.”
The telecom operator began investigating the suspected breach on February 7 with both internal teams and external cybersecurity specialists. The investigation determined that the attackers had gained access to a system used for customer communications. The company stated that the unauthorized access was promptly halted and assured customers that it remains safe to use their phones.
The incident has been reported to the Dutch privacy and data protection authority, known as AP. Odido, which was acquired in 2021 by private equity firms Apax and Warburg Pincus, serves around eight million customers in the Netherlands and competes with KPN and VodafoneZiggo in the local market.
Additionally, Odido’s subsidiary Ben has alerted its customers that their personal information may also have been accessed as part of the breach.
