Data of 6,2 million Odido customers leaked in major cyberattack

The data of 6,2 million Odido customers has been leaked after the Dutch internet provider was hit by a major cyberattack. Experts are calling it one of the largest ever data breaches in the Netherlands.

Personal data leaked in Odido cyberattack

Telecom company Odido was targeted in a cyberattack that allowed criminals to access data of 6,2 million account holders. According to NOS, the internet provider thinks the data leaked could include customers’ full names, addresses, phone numbers, customer numbers, email addresses, IBAN (bank account number), dates of birth and the number and expiration dates of identity documents such as passports or driving licences. 

“No passwords, call logs, or billing information were affected,” wrote Odido in a release. The company’s services have also not been disrupted, which means customers can still make calls on their mobile phones, use the internet and watch TV.

Affected customers should receive an email from Odido by Saturday afternoon. 

Odido customers warned to be “extra vigilant”

After the breach was first discovered last weekend, the company terminated the unauthorised access to the system as quickly as possible and called in cybersecurity experts to investigate and implement additional security measures. 

The internet company has warned customers to “be extra vigilant for suspicious and unusual activity”. According to Odido, cybercriminals can use this personal data to contact you posing as the telecom company or send you emails with links or fake invoices. 

Odido has declined to comment on whether the company is being pressured or blackmailed by the hackers. "On the advice of our experts, we are not currently making any statements about the possible identity or background of the attacker."

One of the largest data leaks in the Netherlands

“I can't think of a company that has had so much data leaked,” ethical hacker Sijmen Ruwhof told NOS. This is considered one of the largest data breaches in Dutch history.

With this personal data, criminals can send messages that look legitimate. "Like emails or text messages, where they include your personal information and pose as a legitimate company. Because they have real data about you, such a message looks very authentic and credible," Ruwhof explains.

They can also call companies posing as you with data that identifies you. "Criminals can pose as you without even contacting you, enter into contracts, and commit other forms of fraud."

The Dutch Data Protection Authority (AP) is aware of the data leak and is monitoring whether Odido takes the right steps to address the incident.