Hackers pose as IT department to break into Odido’s systems
Dutch mobile operator Odido has disclosed a cyberattack that exposed personal data for around 6.2 million people, including its own customers and those of MVNO brand Ben NL. Leaked details include names, addresses, phone numbers, and bank account numbers, but not passwords, call logs, or billing data. Odido has reported the incident to the Dutch Data Protection Authority and says it has cut off unauthorised access and brought in external cybersecurity specialists.
The company has not publicly confirmed how the intrusion occurred, but Dutch broadcaster NOS, citing anonymous sources, reports that attackers used social engineering. According to that account, hackers first targeted customer service staff with phishing emails, then called them while posing as Odido’s IT department, persuading them to approve fraudulent login attempts. The employees involved are reported to include external call centre workers based outside the Netherlands. Odido has advised customers to watch for suspicious calls and messages.