Odido

In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Following the incident, 1M records containing 317k unique email addresses were published, with the attackers threatening to leak additional data in the following days. That threat was subsequently carried out, with a further 1M records containing an additional 371k unique email addresses released the next day. The exposed data included names, physical addresses, phone numbers, bank account numbers and notes about customers left by service operators. Odido has published a disclosure notice detailing the extent of the incident and advising that impacted data may also include dates of birth and passport and driver’s licence numbers.