Dutch telecom confirms hackers accessed names, IBANs, and government ID data in one of the country’s largest breaches
Dutch telecom giant Odido has confirmed a sweeping data breach impacting more than 6.2 million customers, roughly a third of the Netherlands’ population.
Unidentified hackers infiltrated the company’s customer contact system and quietly extracted large volumes of personal data, Odido said Thursday.
The scale makes it one of the most significant telecom breaches in the country’s recent history.
What Was Stolen — and What Wasn’t
According to Odido, the stolen data includes:
- Customer names, phone numbers, postal and email addresses
- Dates of birth
- Bank account numbers (IBAN)
- Government ID details, including passport or driver’s license numbers and validity dates
The breach also affects former customers who had service within the past two years.
Odido said the attackers did not access:
- Call records or location data
- Billing information
- Image scans of government IDs
- Business customer data
Both Odido and its subsidiary Ben NL confirmed that core operations — including phone, internet, and television services — remain unaffected.
Still, the nature of the exposed information raises serious fraud risks. With IBANs and ID numbers in hand, attackers could attempt identity theft or financial scams. In cybersecurity terms, this is the kind of dataset criminals trade like currency.
Telecoms: A High-Value Target
Telecom providers sit on vast stores of verified identity data. That makes them prime targets for both financially motivated hackers and state-backed espionage groups.
This breach follows a string of global telecom intrusions.
Earlier this week, Singapore’s government disclosed that a China-linked hacking group had infiltrated four major telecom providers as part of a surveillance operation. Officials said no customer personal data was accessed.
Meanwhile, hackers associated with the China-backed group known as Salt Typhoon have breached hundreds of telecom companies worldwide.
- Target countries include Canada, Norway, the U.K., and the U.S.
- The campaign focuses on spying on senior government officials and diplomats
Against that backdrop, Odido’s breach fits into a broader pattern: telecom infrastructure as a frontline in digital espionage.
The Fallout Ahead
Odido has not publicly identified the perpetrators or said when the breach was first detected. The company also has not detailed how long attackers had access to its systems.
For affected customers, the immediate concern is fraud prevention. For regulators, the issue is systemic risk. Telecom databases hold identity-level data at national scale — the digital equivalent of a passport office combined with a bank vault.
As investigations unfold, one question looms: can telecom operators defend the data that governments, banks, and consumers all rely on?
TL;DR:
Odido confirmed hackers stole personal data from 6.2 million customers after breaching its customer contact system. Exposed data includes names, addresses, IBANs, and government ID details. Core services were unaffected. The breach follows a global wave of telecom-targeted cyberattacks.
