Dutch telecommunications provider for mobile, broadband, and TV services.
In mid-February 2026, attackers compromised Odido's customer-management (CRM) system after phishing customer-service employees for their credentials and defeating multi-factor authentication through voice-based social engineering, then used automated scripts to exfiltrate data on approximately 6.2 million current and former customers. Exposed fields reportedly included names, addresses, phone numbers, email addresses, dates of birth, customer numbers, bank account (IBAN) numbers, and passport, driver's license and national ID numbers. After Odido declined a roughly EUR 1 million ransom, the threat actor ShinyHunters released the dataset in stages beginning around March 1, 2026 across dark-web forums including BreachForums. The breach is cataloged by Have I Been Pwned and DataBreach.com and confirmed by Odido.
ObscureIQ assessment: Severe risk of phishing, SIM swap attacks, account takeover, and identity fraud. Telecom records are especially dangerous because they can be used to pivot into other accounts.
The breach exposed a highly sensitive combination of identity, contact, and financial identifiers for roughly 6.2 million current and former customers, including bank account (IBAN) numbers and government-issued ID numbers. For a national carrier, exposure at this scale creates lasting account-security and fraud risk for a large share of the Dutch population, erodes subscriber trust, and carries significant regulatory and reputational consequences given the volume and sensitivity of the data and the public extortion and leak that followed.
Odido is the largest telecommunications operator in the Netherlands, providing mobile, broadband, and TV services to consumer and business subscribers. It was formed in 2023 when T-Mobile Netherlands and Tele2 Netherlands were merged and rebranded as Odido under owners Apax Partners and Warburg Pincus. As a national carrier it runs retail, billing, and customer-management systems supporting millions of active accounts across the country.
Telecommunications providers collect subscriber identity, phone numbers, billing records, service addresses, device data, and account-management information across mobile and broadband services.
Odido continues to operate as the Netherlands' largest mobile network. After the February 2026 compromise of its customer-management system it disclosed the incident publicly, published a customer FAQ, and declined to pay the attackers' ransom demand. The breach has drawn regulatory scrutiny under Dutch data-protection authorities and prompted at least one class-action claim on behalf of affected customers.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Credential Theft.
If you believe your information may be included:
In mid-February 2026, attackers compromised Odido's customer-management (CRM) system after phishing customer-service employees for their credentials and defeating multi-factor authentication through voice-based social engineering, then used automated scripts to exfiltrate data on approximately 6.2…
Verified fields include Bank Account Number, Customer Service Records, Date of Birth, Driver's License, Email Address, Full Name, Gender, Government ID, Passport Number, Phone Number, Physical Address.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation