Industry - Data Breach
Executive Summary
Dutch police investigating the February cyberattack on telecom provider Odido, which exposed personal data of over 6 million customers, have identified a suspected local accomplice who posed as an IT employee to help hackers gain access to the company's customer contact system. Authorities are working to identify the Dutch-speaking caller and may publicly release a voice recording to aid the investigation. Police have seized servers used to distribute the stolen data and are appealing for inf...
What Happened
In February 2025, telecom provider Odido suffered a cyberattack that exposed personal data of over 6 million customers. Dutch police now believe a Dutch-speaking individual posing as an Odido IT employee called the company's customer service department before the attack, tricking employees into granting system access that enabled hackers to steal customer records from a compromised customer contact system. Police have seized servers used to distribute the stolen data and are continuing their investigation to identify the caller and other suspects.
Who Is Affected
More than 6 million Odido customers had their personal data exposed in this breach. The affected individuals are customers of the Dutch telecommunications provider, making this one of the larger data exposures in the Netherlands given the scale of customer records compromised. Odido reported that the incident did not disrupt its operational services to customers.
Why It Matters
This breach demonstrates how social engineering attacks combining insider knowledge with technical intrusion can compromise millions of records even at established telecommunications providers. The suspected involvement of a local Dutch-speaking accomplice highlights how attackers use cultural and linguistic familiarity to manipulate employees through impersonation tactics. The scale of 6 million affected customers represents a significant portion of the Dutch population and underscores vulnerabilities in customer service access controls at critical infrastructure providers.
What You Should Do
If you are an Odido customer, monitor your accounts for suspicious activity and be alert for phishing attempts or identity theft using your exposed personal information. Contact Odido directly through official channels to confirm what specific data of yours was compromised and what protections the company is offering. If you have information about the February attack or recognize details about the Dutch-speaking caller mentioned by police, contact Dutch authorities through their official reporting channels.
Summary generated from verified sources and reviewed before publication. How we summarize.