Dutch Telecom Odido Confirms Data Breach Affecting 6.2 Million Customers
Odido, the Netherlands' third-largest mobile carrier, confirms a data breach exposing personal information of 6.2 million customers — including names, addresses, dates of birth, and phone numbers — following unauthorized access to a customer management system.
Odido, the Netherlands' third-largest mobile carrier with approximately 12 million subscribers, has confirmed a data breach affecting 6.2 million customers — roughly half its total subscriber base. The breach exposed names, addresses, dates of birth, phone numbers, and email addresses, though Odido states that financial data and passwords were not compromised.
How It Happened
The breach resulted from unauthorized access to a customer management system through compromised employee credentials. An internal investigation, assisted by external cybersecurity firm Fox-IT, determined that the attacker maintained access to the system for approximately 11 days before detection. The compromised account had broad read access to customer records as part of its normal operational role, enabling the attacker to extract data at scale without triggering volume-based alerts.
Regulatory Response
Odido notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within the 72-hour window required by GDPR and has begun notifying affected customers individually. The Data Protection Authority has opened a preliminary investigation to determine whether Odido's security measures were adequate under GDPR's requirement for "appropriate technical and organizational measures" to protect personal data. If found deficient, Odido could face fines of up to 4% of its annual global turnover.
Impact and Risks
While the breach did not expose financial data, the combination of names, addresses, dates of birth, and phone numbers provides sufficient information for identity theft, SIM swapping attacks, and targeted phishing campaigns. SIM swapping — where an attacker convinces a carrier to transfer a victim's phone number to a new SIM card — is particularly concerning because phone numbers are commonly used as a second factor in two-factor authentication. Odido has implemented additional verification steps for SIM change requests and is offering affected customers free identity monitoring services for 12 months.
Related Articles
NGINX 1.29.6 Adds Native Sticky Sessions and Fixes QUIC Reset Packet Overflow
NGINX 1.29.6 mainline release introduces a sticky-session directive for upstream blocks, enabling cookie-based session affinity without external load balancers and solving session-loss issues during worker restarts. The release also fixes oversized QUIC reset packets and improves SCGI backend proxying.
FreeBSD 14.4 Delivers Post-Quantum SSH, OpenZFS 2.2.9, and Intel E610 Support
FreeBSD 14.4-RELEASE has arrived with OpenSSH 10.0p2 defaulting to hybrid post-quantum key exchange, OpenZFS 2.2.9, and new driver support for Intel Ethernet E610 NICs. The release also adds 9P filesystem support for Bhyve virtualization guests and patches vulnerabilities in OpenSSL and libarchive.
OFC 2026: Coherent and Broadcom Demonstrate 3.2 Terabit-Per-Second Optical Transceivers
At the Optical Fiber Communication Conference in Los Angeles, Coherent and Broadcom have demonstrated 3.2 Tbps optical transceiver modules — doubling the bandwidth of current-generation 1.6T interconnects. The technology is designed for the next wave of AI data center buildouts, where single training runs require moving exabytes of data between thousands of GPUs.