Telecom provider Odido has been hit by a large-scale data breach after a cyber attackin which personal data of possibly 6.2 million customers was stolen. This incident took place on February 7 and 8, 2026 and relates to a customer contact system, but daily services such as calling, using the internet and watching television remain intact.
Odido responded quickly by stopping the attack, calling in external experts and reporting the leak to the Dutch Data Protection Authority (AP). Affected customers have received a personal email or text message with information about their situation. The big question now is: what next?
The data breach explained
During the cyber attack, criminals gained unauthorized access to a Salesforce environment containing customer information, probably through phishing and social engineering aimed at employees. The leaked data includes names, addresses, telephone numbers, email addresses, IBAN numbers, dates of birth and in some cases passport or driver’s license details (including number and expiry date).
ODIDO has determined that passwords, calling data, invoices, location information and ID scans have not been leaked. Nevertheless, it is alarming that personal data is now public, as bad actors can leverage this information to entrap customers.
Consequences for customers
The stolen data increases it risk of phishingidentity fraud, SIM swapping and fake invoices or phone calls where criminals pretend to be Odido or a bank. Because they have specific personal information, they may appear trustworthy, but this is an illusion.
At the time of writing, the data has not yet been published on the dark web, but Odido is continuously monitoring this. For the time being, it is unclear what will happen to the data.
What you should do as a user
Be extra alert to suspicious emails, texts, apps or calls with typos, unknown senders or urgent requests for data – don’t click links or provide PINs or passwords. Always check invoices via My Odido, hang up if in doubt and call back via official numbers. If you have opened a suspicious link: change passwords (start with email and bank), report to Fraud Helpdesk (088-7867372) and report it to the police.
Odido gives the following tips:
- Cyber ​​criminals can try to contact you with your name, address, telephone number, email address and account number, pretending to be someone from Odido, your bank or another organization. Therefore, always stay alert to these types of phone calls, text messages, apps or emails.
- Be careful when opening links in emails, texts and apps. You can often recognize a suspicious email, text message or app by typos and unknown senders. Check the phone number. Or what comes after the ‘@’ sign of an email address.
- Do you receive an unexpected call from a number you don’t recognize? It may be that an employee from your bank or another company is actually calling. You can check this by asking the caller for his/her first and last name and asking him/her for the company’s general telephone number. When in doubt, say you’d like to check first if the person is a real employee and hang up. Then check the company’s website to see if the number is indeed correct. Is the number correct? Then call yourself and ask for the employee who called you.
- Give never someone your password or PIN code.
- Always be alert when receiving invoices. Cyber ​​criminals can take advantage of the situation by sending fake invoices that appear to come from Odido or other parties. Therefore, always carefully check the origin and accuracy of received invoices before making payment. For example, you can always view an invoice from Odido in My Odido. If in doubt, always contact odido.
The future at Odido
Odido conducts a thorough evaluation, strengthens security and increases employee awareness against phishing. CEO Søren Abildgaard emphasizes transparency and priority for customer safety, with updates via odido.nl/safety. There is no compensation yet, but this may come up for discussion depending on the AP investigation.
Switch to another provider
Have you lost confidence in Odido? Then you can switch to another provider. However, it is important to realize that the incident does not provide legal grounds for a free termination of your contract. If your contract is still running, you will have to wait until it expires or terminate it early, which may be accompanied by a fine. If the Dutch Data Protection Authority determines that Odido is seriously deficient, it is possible to cancel your contract earlier without consequences.
- KPN Mobile (mobile)
- KPN Internet & TV (internet, TV and landline phone)
- ZIGGO (internet, TV and landline phone)
- Ziggo business (internet, TV and landline phone)
- Vodafone (mobile)
- Hollandsnieuwe (mobile)
- Lebara (mobile)
- Youfone (mobile)
- Online (internet, TV and landline phone)
- Simple (mobile) – uses the Odido network
- Ben (mobile) – uses the Odido network
- Delta Fibre (internet, TV and landline phone) – uses the Odido network