The Odido hack: what happened and what can be learned from it

In early February 2026, the Netherlands was shocked by one of the largest data breaches in Dutch history. Telecom provider Odido was hit by a cyberattack in which data from no fewer than 6.2 million customer accounts fell into the hands of criminals. Customers of subsidiary brand Ben were also affected.

What data was compromised?

Highly sensitive personal data fell into the wrong hands: names, addresses, telephone numbers, email addresses, account numbers, dates of birth, and passport and driving licence numbers. Fortunately, passwords, call data and billing information were not compromised.

How did the criminals gain access?

The attack was carried out using a sophisticated combination of phishing and social engineering. Criminals first obtained employees’ passwords and then called them, pretending to be from the internal IT department. They convinced employees to approve a fraudulent login attempt and bypass the extra security step. Once inside, customer data was automatically extracted from the system on a large scale. In addition, Odido was found to be storing data from former customers for longer than its own privacy statement allows. Customers who had switched providers five to ten years ago still received a notification. This is a sign of seriously flawed data management.

Could they have prevented this?

Complete prevention? In the world of cybersecurity, that is rarely a guarantee. But the damage could have been significantly limited and the attack could have been stopped earlier. This was not a sophisticated technical operation. It was a targeted attack on the weakest point in virtually every organisation: people. Criminals did not have to break through any walls because they were let in. That makes this incident particularly painful because it was largely avoidable.

There were clear areas for improvement in terms of access control. The principle of least privilege, whereby employees only have access to what they strictly need for their job, could have greatly limited the impact. If a compromised customer service representative’s account gives access to millions of customer records at once, there is something fundamentally wrong with the design of the access rights.

A well-configured anomaly detection system could have limited the attack after the criminals had already gained access. The automated downloading of large amounts of customer data is exactly the kind of anomalous behaviour that stands out in a well-monitored environment. Early detection would have shortened the response time and drastically limited the damage.

Take control of your data!

The hack at Odido shows how quickly things can go wrong when unusual behaviour goes unnoticed. An employee logging in outside working hours, an account suddenly accessing thousands of customer records, files being downloaded unusually often – these are signs that should not be overlooked.

Fryqua provides solutions that detect precisely this type of behaviour. Whether it concerns anomalies in access control, unusual file usage or suspicious digital behaviour, our solution flags it in real time, allowing you to act quickly to limit the damage.

Curious about what we can do for your organisation? Schedule a no-obligation appointment and discover how smart detection can help you stay one step ahead of the threat.