Massive Data Breach at Dutch Telecom Provider Odido Exposes 6.2 Million Accounts Dutch telecom provider Odido has reported one of the largest data breaches in the Netherlands, with sensitive information from 6.2 million customer accounts compromised. The company began notifying affected users on Thursday at 12 p.m., though the exact number of impacted individuals remains unclear as the investigation continues. The stolen data varies by account but may include full names, addresses, phone numbers, email addresses, IBAN bank account numbers, dates of birth, and passport or driver’s license numbers a combination cybersecurity experts describe as unusually valuable for criminals. Notably, passwords, call logs, location data, billing details, and ID document scans were not accessed. Ethical hacker Sijmen Ruwhof warned that the breach poses severe risks, including highly convincing phishing attacks where criminals use real customer details to impersonate legitimate companies. Fraudsters could also exploit the data to bypass authentication checks, taking out contracts or committing financial fraud in victims’ names. Matthijs Koot, another security expert, highlighted the risk of helpdesk fraud, bank scams, and targeted espionage, noting that hostile intelligence services could use the data to track politicians, government employees, or critical infrastructure workers. The breach also raises concerns about stalking, doxxing, and organized crime, as criminals including drug offenders could use the data to identify individuals using regular phone subscriptions. Ruwhof criticized Odido’s security measures, stating that the scale of the leak suggests a failure in cybersecurity controls at the time of the incident. While the company has not disclosed whether hackers made ransom demands, experts warn the data could be sold or used for extortion. Odido CEO Tisha van Lammeren emphasized that notifications were delayed to avoid misinformation but did not comment on the adequacy of the company’s security. She acknowledged the sophistication of cybercriminals while reiterating that customer safety remains the top priority. The full impact of the breach is still under assessment.

On June 3, 2024, the Washington State Office of the Attorney General reported a data breach involving Rotech Healthcare (Philips Respironics, Inc.) that occurred on May 31, 2023. The breach, identified as a cyberattack involving ransomware, affected approximately 2,802 individuals and potentially compromised personal information including name, full date of birth, health insurance policy or ID number, medical information, and other unspecified data.