A major data breach has hit Odido, one of the Netherlands’ prominent telecommunications providers, with cybercriminals publishing over one million customer records online following a failed extortion attempt in February 2026.
The threat actor group ShinyHunters is believed to be behind the attack, which came to light when the perpetrators first released an initial tranche of approximately 1 million records containing 317,000 unique email addresses.
The attackers issued an explicit warning that additional data would be leaked if their demands were not met. True to their threat, the following day saw a second release of a further 1 million records, exposing an additional 371,000 unique email addresses.
In total, the breach has been confirmed to affect approximately 688,100 customer accounts, with the compromised data spanning both current and former Odido subscribers.
What Data Was Exposed
The leaked dataset is notably sensitive, containing a wide range of personally identifiable and financial information. Exposed records include:
- Full names and physical addresses
- Phone numbers and email addresses
- Bank account numbers
- Dates of birth
- Passport numbers and driver’s licence numbers
- Internal customer service comments written by Odido support operators
The inclusion of bank account numbers and government-issued identity document details significantly elevates the risk for affected individuals, opening the door to financial fraud, identity theft, and targeted phishing campaigns.
Odido has published an official security disclosure notice on its website acknowledging the breach and advising customers on potential exposure. The company confirmed that while not all compromised records contain the full scope of sensitive fields, a subset of impacted users may have had passport details, driver’s licence numbers, and dates of birth exposed alongside their contact and financial information.
The breach was added to the Have I Been Pwned (HIBP) database on February 26, 2026, enabling users to check whether their credentials and personal data appeared in the leaked dataset.
Odido customers, particularly those with accounts predating 2026, are advised to take immediate precautions:
- Monitor bank accounts for unauthorized transactions
- Be alert to phishing emails or suspicious calls impersonating Odido or financial institutions
- Consider placing a fraud alert with their bank
- Check their exposure via the HIBP platform at haveibeenpwned.com
- Update passwords and enable multi-factor authentication on linked accounts
This incident reinforces the persistent threat posed by extortion-based data breach attacks targeting telecom providers, which hold rich repositories of personal and financial customer data.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
