Hacker working in the dark showing cyber attack on Dutch telecom

Cyber Attack on Dutch Telecom Giant Odido Exposes Customer Data of 6.2 Million

Customer data from over 6 million people was exposed in a cyber attack on the largest Dutch telecommunications company, Odido, formerly known as T-Mobile Netherlands and Tele2 Netherlands.

“Odido has been hit by a cyberattack, which compromised customer data,” the company stated.

According to a statement on its website, the telecom giant detected the cybersecurity incident on February 7 and launched an investigation, assisted by external cyber forensics.

Cyber attack leaked extensive customer data

The investigation determined that the cyber attack affected a contact system it uses to communicate with its clients.

It leaked extensive customer data, including full names, addresses, mobile numbers, customer numbers, email addresses, IBAN numbers, dates of birth, and government-issued IDs such as passport or driver’s license number and their validity.

Cybercriminals could use that information to craft compelling phishing messages or verify the identities of impacted users to conduct more serious cyber attacks, such as SIM swaps.

However, the leaked customer data did not include account passwords, call records, location data, billing information, or scans of identification documents.

Similarly, the cyber attack did not disrupt the company’s internal or customer-facing services, thus ruling out a ransomware attack.

“It is important to emphasize that our operational services have not been affected; Customers can continue to call, use the internet and watch TV safely,” it said in an autotranslated statement.

Meanwhile, Odido advises impacted customers to remain vigilant for unsolicited emails and text messages purporting to originate from the company, as well as for any suspicious account activity.

Telecom service provider Odido quickly resolved the cyber attack

In response, Odido acted swiftly to terminate the threat actor’s access, increased system monitoring to detect suspicious activity, and took additional steps to strengthen its security controls.

The service provider also hired external cybersecurity experts to assist with incident response and mitigation efforts. It also contacted the victims within 48 hours and notified the Dutch Data Protection Authority (AP).

Additionally, the telecom giant took unspecified steps to limit the impact of the cyber attack and to support individuals whose customer data was leaked.

So far, there is no evidence that the compromised customer data has been misused, and the service provider has not attributed the cyber attack to any hacking group. Similarly, the company has not disclosed whether the attacker has demanded any ransom to avoid publishing the stolen customer data online.

However, local news outlet NU.nl reported that the threat actor had contacted the telecommunications company and claimed to have stolen millions of records. According to the company, the data breach affected 6.2 million of its 7 million customers. Ben, one of Odido’s subsidiaries, was also affected but not Simpel.

“What makes the situation more troubling is that the threat actors themselves contacted Odido to alert them that they had stolen millions of records, prompting the company to block the unauthorized access. By then, the data had already been taken, showing the cost of waiting to react instead of maintaining constant detection,” said Steve Cobb, Chief Information Security Officer at SecurityScorecard.

Cybercriminals frequently target telecommunications companies

Telecommunications companies are attractive targets for cyber attacks due to the vast amounts of valuable customer data they collect and store.

In April 2025, a cyber attack hit SK Telecom, South Korea’s largest telecommunications service provider, exposing the personal information of over 23 million subscribers. The incident resulted in the company being fined $97.2 million (KRW 134.8 billion) for allegedly failing to stop the cyber attack.

In July 2024, AT&T, the third-largest wireless telecommunications carrier in the United States, reported that a cyber attack had exposed 109 million customer records, including FBI call logs.

In 2022, hacking group Lapsus$ breached America’s second-largest wireless carrier, T-Mobile, using compromised credentials and downloaded source code repositories.