In a security advisory from Odido, the company says attackers accessed its customer contact system during a cyberattack detected on the weekend of February 7 and exposed personal data for about 6.2 million customers.
KEY FACTS
- Incident Cyberattack on a customer contact system
- Customers affected About 6.2 million
- Exposed data Names, addresses, phone numbers, customer numbers, email addresses, IBANs, dates of birth, and ID numbers
- Not affected Passwords, call logs, location data, invoice details, and scans of identification documents
- Response Unauthorized access blocked and breach reported to the Dutch Data Protection Authority
Attackers breached the customer contact system and downloaded records. Detection occurred on the weekend of February 7 and unauthorized access was blocked promptly.
Exposed information varies by customer and may include full name, address and place of residence, mobile number, customer number, email address, IBAN, date of birth, and passport or driver’s licence number and validity.
Passwords, call records, location data, invoice details, and scans of identification documents were not affected. Impacted customers will be emailed and notifications should arrive within 48 hours.
The organisation has strengthened security controls, increased monitoring for suspicious activity, engaged external cybersecurity experts, and reported the breach to the Dutch Data Protection Authority.
WHY IT MATTERS
Large volumes of exposed personal data increase the risk of identity theft and fraud for affected customers. Receiving a direct notification will allow customers to take steps such as monitoring financial accounts and communications for suspicious activity.