Odido 2026 Data Breach

Odido Dutch Telecom Breach (2026): 6.2 Million Customer Records Including Bank Account, Passport, Driver's License & Government ID Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersCredential TheftTelecomBank Account NumberCustomer Service RecordsDate of BirthDriver's LicenseEmail AddressFull NameGender
High SeverityWebsite / service breach

Odido Dutch Telecom Breach (2026): 6.2 Million Customer Records Including Bank Account, Passport, Driver's License & Government ID Exposed

Dutch telecommunications provider for mobile, broadband, and TV services.

Verified by ObscureIQ Intelligence
100/100Breach Risk Index
73Data Value
60Market Recency
132dSince Breach

Breach Intelligence Summary

Entity: Odido · Actor: ShinyHunters · Sources: 3 references
Attack: Credential Theft
Profile: Company · Telecommunications services · Mobile and broadband provider · Netherlands
Timeline: Breach (2026-02-12) · Indexed (Feb 26, 2026) · Year (2026)
Exposure: 6.2M records · 11 fields: Bank Account Number, Customer Service Records, Date of Birth, Driver's License, Email Address, Full Name, Gender, Government ID, Passport Number, Phone Number, Physical Address
Status: Confirmed

Executive Summary

In mid-February 2026, attackers compromised Odido's customer-management (CRM) system after phishing customer-service employees for their credentials and defeating multi-factor authentication through voice-based social engineering, then used automated scripts to exfiltrate data on approximately 6.2 million current and former customers. Exposed fields reportedly included names, addresses, phone numbers, email addresses, dates of birth, customer numbers, bank account (IBAN) numbers, and passport, driver's license and national ID numbers. After Odido declined a roughly EUR 1 million ransom, the threat actor ShinyHunters released the dataset in stages beginning around March 1, 2026 across dark-web forums including BreachForums. The breach is cataloged by Have I Been Pwned and DataBreach.com and confirmed by Odido.

ObscureIQ assessment: Severe risk of phishing, SIM swap attacks, account takeover, and identity fraud. Telecom records are especially dangerous because they can be used to pivot into other accounts.

Breach Impact

The breach exposed a highly sensitive combination of identity, contact, and financial identifiers for roughly 6.2 million current and former customers, including bank account (IBAN) numbers and government-issued ID numbers. For a national carrier, exposure at this scale creates lasting account-security and fraud risk for a large share of the Dutch population, erodes subscriber trust, and carries significant regulatory and reputational consequences given the volume and sensitivity of the data and the public extortion and leak that followed.

About Odido

Odido is the largest telecommunications operator in the Netherlands, providing mobile, broadband, and TV services to consumer and business subscribers. It was formed in 2023 when T-Mobile Netherlands and Tele2 Netherlands were merged and rebranded as Odido under owners Apax Partners and Warburg Pincus. As a national carrier it runs retail, billing, and customer-management systems supporting millions of active accounts across the country.

Why They Hold Your Data

Telecommunications providers collect subscriber identity, phone numbers, billing records, service addresses, device data, and account-management information across mobile and broadband services.

Recent Developments

Odido continues to operate as the Netherlands' largest mobile network. After the February 2026 compromise of its customer-management system it disclosed the incident publicly, published a customer FAQ, and declined to pay the attackers' ransom demand. The breach has drawn regulatory scrutiny under Dutch data-protection authorities and prompted at least one class-action claim on behalf of affected customers.

Data Points Exposed

11 verified field types
Bank Account Number Critical
Customer Service Records
Date of Birth High
Driver's License Critical
Email Address
Full Name High
Gender
Government ID Critical
Passport Number Critical
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Financial fraud and unauthorized transfers using exposed bank account (IBAN) numbers
  • Identity theft and synthetic identity construction using passport, driver's license and government ID numbers
  • Identity verification bypass using name, date of birth and ID number combinations
  • SIM swap and account-takeover attacks leveraging exposed phone numbers
  • Targeted phishing and vishing impersonating Odido using exposed contact and customer-service data
  • Doxxing and physical targeting from exposed home addresses
Threat vectors:
  • Bank transfer & IBAN fraud
  • Identity fraud with official bodies
  • International identity fraud & border exploitation
  • Identity verification bypass
  • SIM swapping, vishing & SMS phishing
  • Name-based social engineering
  • Phishing & credential stuffing
  • Physical stalking, mail fraud & identity verification
  • Profile enrichment

Threat Actor: ShinyHunters

ShinyHunters
Credential Theft

Attribution and method are based on available breach intelligence. Reported attack vector: Credential Theft.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Odido breach?

In mid-February 2026, attackers compromised Odido's customer-management (CRM) system after phishing customer-service employees for their credentials and defeating multi-factor authentication through voice-based social engineering, then used automated scripts to exfiltrate data on approximately 6.2…

What data was exposed?

Verified fields include Bank Account Number, Customer Service Records, Date of Birth, Driver's License, Email Address, Full Name, Gender, Government ID, Passport Number, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation