The Dutch branch of Odido has been hit by a cyberattack, exposing personal information of over 6.2 million customers. The telecom company advises victims to stay alert for any phishing attempts.
According to Odido, the first clues of unauthorized access to the company’s customer relationship management system were detected over the weekend, on the 7th and 8th of February.
The attackers successfully downloaded the personal data of 6.2 million customers. This included full names, postal addresses, telephone numbers, customer IDs, bank account numbers, dates of birth, and government-issued ID numbers, such as passports and driver’s licenses.
No passwords, phone records, location data, invoice details, or scans of ID documents have been exfiltrated, the telecom provider states.
As is required by law, all relevant authorities, including the Dutch privacy and data protection authority (AP), have been informed of the incident. Affected customers have received an email or text message to explain what happened.
“We take this incident very seriously. Immediately after discovering the data breach, we blocked the unauthorized access to the customer relationship management system, implemented additional security measures, scaled up monitoring of unusual activities, and raised employee awareness of cybercriminal activities and methods,” Odido says in a press release.
The telecom provider is warning that scammers can abuse the stolen data to pretend to be a trustworthy company, send fake invoices, or launch a phishing campaign to obtain even more information. What they can’t do is use your passwords, look at your call history, or track your location. Nevertheless, victims should be vigilant for unfamiliar activities.
“We deeply regret this incident and are fully committed to minimizing its impact and providing our customers with all the necessary support. It’s important to emphasize that our operational services have not been affected; customers can continue to make calls, use the internet, and watch TV safely,” Odido reassures.
As of writing, none of the stolen data has been published on the internet or the dark web. No ransomware operation has claimed responsibility for the data breach.
Unlock more exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked