Odido Data Breach 2026: 6.2 Million Customer Records Exposed in CRM System Hack
Dutch telecom provider Odido has confirmed a major cybersecurity incident impacting approximately 6.2 million customer accounts. Attackers gained unauthorized access to the company’s Customer Relationship Management (CRM) system used for handling client contact data.
The incident was detected during February 7–8, 2026 and was immediately reported to the Dutch privacy regulator, Autoriteit Persoonsgegevens (AP).
What Happened?
Attackers infiltrated Odido’s customer contact system — a centralized CRM database storing identity and communication information used by support teams.
This was not a random malware infection. It was a structured compromise of a telecom CRM database containing verified customer records.
Scope of Impact
| Data Category | Status |
|---|---|
| Full Name & Address | Exposed |
| Email & Phone Number | Exposed |
| IBAN Bank Account Numbers | Exposed |
| Passport / ID Numbers | Exposed |
| Passwords | Not Exposed |
| Call Logs & Billing Records | Not Exposed |
Even without passwords being stolen, the exposure of IBAN and identity data significantly increases fraud risk.
Immediate Safety Checklist
- Enable real-time transaction alerts
- Monitor IBAN-linked transactions
- Activate two-factor authentication
- Never share OTP codes
- Verify suspicious calls and emails
Frequently Asked Questions
How many customers were affected?
Approximately 6.2 million accounts were impacted.
Were passwords leaked?
No. Passwords and call logs were not exposed.
How did attackers gain access?
Likely through social engineering targeting internal CRM systems.
What should customers do now?
Monitor bank accounts, enable alerts, and activate 2FA immediately.
This FAQ summarizes key concerns regarding the Odido Data Breach 2026. Customers are advised to remain vigilant and follow official updates.
