New Delhi: Hackers have gained unauthorised access to sensitive customer information linked to as many as 6.2 lakh accounts at Dutch telecom operator Odido, triggering one of the country’s largest reported data breaches in recent years.
The company confirmed on Thursday that attackers infiltrated its client contact system, exposing a wide range of personal details. Odido’s subsidiary Ben has also warned its customers that their data may have been compromised.
According to Odido, the accessed information includes full names, home addresses, phone numbers, email IDs, bank account details, dates of birth, and passport or ID card numbers. The company said the breach does not involve passwords, call records, billing data or scanned copies of identity documents.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The intrusion was detected last weekend and immediately reported to the Dutch privacy regulator, Autoriteit Persoonsgegevens. Odido said it acted swiftly to contain the incident.
“The unauthorised access to the system was ended as quickly as possible,” the company said in a statement, adding that external cybersecurity specialists have been brought in to strengthen defences and implement additional security measures.
High-value data for cybercriminals
Technology experts warn that the exposed data set is particularly attractive to criminals. NOS tech reporter Stan Hulsen said the stolen information could easily be weaponised for targeted scams, including fake payment demands, impersonation attempts and identity fraud.
With verified personal and banking details in hand, attackers could launch convincing phishing campaigns posing as Odido, banks or government agencies — significantly increasing the chances of victims falling for fraudulent messages.
At this stage, it remains unclear whether all Odido customers have been affected. The company has also declined to confirm whether it is facing extortion or blackmail demands from the hackers, according to Dutch tech publication Tweakers.
Customers urged to stay alert
Both Odido and Ben have advised users to be extra cautious over the coming weeks, warning of potential follow-on attacks. Customers have been asked to closely check sender addresses on emails and verify phone numbers on text messages claiming to come from Odido, their bank or other institutions.
Security specialists recommend avoiding links in unsolicited messages, never sharing one-time passwords, and contacting customer support directly through official channels if anything appears suspicious.
Industry observers say the breach highlights how telecom databases — which often combine identity, contact and payment information — have become prime targets for cybercriminal groups seeking large volumes of monetisable data in a single strike.
Regulatory scrutiny likely
With millions potentially affected, the incident is expected to draw close scrutiny from Dutch regulators. Under European data protection rules, companies can face substantial penalties if investigations find inadequate safeguards or delayed disclosure.
For now, Odido says it is continuing its internal probe to determine exactly how the attackers gained access and how many customers were impacted. Impacted users are expected to receive direct notifications as the assessment progresses.
Cybersecurity professionals warn that large-scale breaches like this rarely end with the initial intrusion. Stolen data is often resold on underground forums or reused in waves of fraud months later — making long-term vigilance essential.
As telecom networks become increasingly digitised, experts stress that customer databases must be treated as critical infrastructure. Even a single lapse, they say, can expose millions to financial loss and identity theft.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
