One million Dutch Telco Odido records were made available online following an attempt at extortion.

Data Breach at Odido After a failed extortion attempt in February 2026, cybercriminals released over a million customer records online, causing a significant data breach at Odido, one of the leading telecommunications companies in the Netherlands This article explores data breach odido. . The attack, which first surfaced when the perpetrators released an initial tranche of about 1 million records containing 317,000 unique email addresses, is thought to have been carried out by the threat actor group ShinyHunters.

The attackers explicitly threatened to release more data if their demands were not fulfilled. As promised, another 1 million records were made public the next day, revealing 371,000 more distinct email addresses.

Approximately 688,100 customer accounts have been confirmed to be impacted by the breach, and the compromised data includes both current and former Odido subscribers. What Information Was Made Public The compromised dataset is extremely sensitive and includes a large amount of financial and personally identifiable data. Records that are exposed include: Complete names and physical addresses Email addresses and phone numbers Numbers for bank accounts Birth dates Numbers from driver's licenses and passports Comments from Odido support operators regarding internal customer service The addition of government-issued identification and bank account numbers The risk of financial fraud, identity theft, and targeted phishing campaigns is greatly increased for those who are impacted by document details.

Odido has acknowledged the breach and informed customers about possible exposure in an official security disclosure notice posted on its website. A subset of affected users may have had their dates of birth, driver's license numbers, and passport details exposed along with their contact and financial information, the company confirmed, even though not all compromised records contain the entire range of sensitive fields. On February 26, 2026, the breach was added to the Have I Been Pwned (HIBP) database, allowing users to verify if their personal information and login credentials were included in the compromised dataset.

Customers of Odido are urged to take the following immediate precautions, especially if their accounts are older than 2026: Keep an eye out for unauthorized transactions in bank accounts. Watch out for suspicious calls or phishing emails that pose as Financial institutions or Odido Think about sending their bank a fraud alert. Use the HIBP platform at haveibeenpwned.com to examine their exposure.

On connected accounts, change passwords and turn on multi-factor authentication. This incident highlights the ongoing threat posed by extortion-based data breach attacks that target telecom companies, which have extensive repositories of financial and personal customer data. For daily cybersecurity updates, check out LinkedIn and X. To have your stories featured, get in touch with us.