Dutch phone giant Odido says millions of customers affected by data breach

Dutch phone company Odido has confirmed a data breach affected millions of its customers.

The company said in a statement Thursday that unidentified hackers gained access to its customer contact system and covertly downloaded reams of customer information. A spokesperson for Odido told local Dutch media that the breach affects more than 6.2 million customers, or about a third of the country’s population.

The stolen data includes customer names, phone numbers, postal and email addresses, dates of birth, bank account numbers (IBAN), and details of customers’ government-issued IDs, such as passport or driver’s license numbers and dates of validity.

The company said former customers who had service within the past two years may also be affected.

Odido said the data did not include customer call records, location data, billing information, or image scans of government IDs. The data does not affect business customers, the company said.

The breach affects customers of both Odido and its subsidiary Ben NL. Both companies said that their phone, internet, and television operations were unaffected by the breach.

This is the latest in a series of data thefts targeting phone and telecommunication giants in recent years, as governments and financially motivated hackers continue to seek highly confidential information that telcos have on their customers.

Earlier this week, the Singaporean government confirmed that a China-related hacking group had previously broken into four of the country’s top phone giants as part of a surveillance operation, but did not access customers’ personal information.

All the while, hackers associated with the China-backed threat group known as Salt Typhoon have hacked hundreds of phone companies around the world, including in Canada, Norway, the United Kingdom, and the United States, as part of an ongoing espionage campaign aimed at spying on senior government officials and diplomats.