Odido Breach: 688K Accounts Exposed

Overview

In February 2026, the Dutch telecommunications provider Odido suffered a significant data breach. The company was targeted by cybercriminals who stole customer data and attempted to extort Odido. When their demands were not met, the attackers published the stolen information online in two separate releases over consecutive days. In total, approximately 688,102 customer accounts were compromised. Odido has issued a formal notice confirming the incident and warning that the scope of exposed data is severe.

What Was Exposed

The breach exposed a highly sensitive array of personal information. The confirmed data includes:

• Email addresses
• Full names
• Phone numbers
• Physical addresses
• Dates of birth
• Bank account numbers
• Internal notes about customers made by service operators

Odido has also advised that the breach may additionally include passport and driver’s licence numbers. This combination creates a near-complete profile of an individual.

Potential Impact

The exposure of this data poses a high risk to affected individuals. With names, addresses, birth dates, and government ID numbers, criminals can commit identity theft, apply for credit fraudulently, or attempt to take over other online accounts. Bank account numbers increase the risk of direct financial fraud and unauthorized transactions. The internal notes could be used for highly targeted phishing scams or social engineering attacks, where criminals use personal details to appear legitimate and trick you into revealing passwords or sending money.

Recommendations

If you are or have been an Odido customer, take these steps immediately:

1. Monitor Financial Accounts: Scrutinize your bank statements and transaction alerts for any unauthorized activity. Consider setting up new account numbers with your bank if you are highly concerned.
2. Beware of Targeted Phishing: Be extremely cautious of emails, texts, or calls that reference your Odido account, address, or other exposed details. Do not click on links or provide passwords. Always contact the company directly using a verified phone number or website.
3. Place a Fraud Alert: Contact a national credit bureau to place a free fraud alert on your credit file. This makes it harder for someone to open new accounts in your name.
4. Change Passwords: Update the passwords for your email account and any other online accounts where you used the same or a similar password as your Odido account. Use strong, unique passwords for each site.
5. Report Suspicious Activity: If you see signs of identity theft, report it to your local law enforcement and the Dutch national fraud authority.

How to Check If You’re Affected

This breach has been reported to the free notification service “Have I Been Pwned.” To check if your email address was included in the Odido data breach, visit the website: https://haveibeenpwned.com/Breach/Odido. You can enter your email address to see if it appears in the leaked data. All current and former Odido customers should take this precautionary step.