News
Overview: Odido & Ben Data Breach
BlogBreachesResourcesNews
Overview: Odido & Ben Data Breach

Overview: Odido & Ben Data Breach

UpGuard Team
UpGuard Team
February 26, 2026

Key Facts: Odido & Ben Data Breach

  • Date reported: February 12, 2026 (Initial disclosure); Final leak confirmed March 1, 2026.
  • Unauthorized access identified: February 7 and 8, 2026.
  • Target entity: Odido (odido.nl) and its subsidiary brand, Ben.
  • Source of breach: Threat actor group ShinyHunters (via a phishing and social engineering attack).
  • Data types: Names, addresses, IBANs, birth dates, Passport/Driver’s License metadata, and sensitive customer service notes.
  • Status: Critical Leak. All stolen records were published on the dark web after Odido refused a ransom demand.
  • Severity: High; affects over 6.5 million current and former customers and involves permanent identity identifiers.

What happened in the Odido.nl data breach?

Dutch telecommunications giant Odido and its budget brand, Ben, were victims of a massive social engineering attack that culminated in the largest data exposure in Dutch history. Between February 7 and 8, 2026, hackers from the ShinyHunters group used phishing emails and impersonation of IT staff to bypass multi-factor authentication and gain access to a Salesforce customer contact system.

After Odido publicly refused to pay a "low seven-figure" ransom on February 26, the hackers began leaking the data in waves. On March 1, 2026, the group followed through on its ultimate threat, publishing the entire dataset to the dark web. While Odido initially reported 6.2 million victims, the final leak contains data for over 6.5 million people and 600,000 companies, including sensitive residence permits for diplomats and high-profile administrators.

Who is behind the incident?

The group ShinyHunters is responsible. Known for high-profile hits on Ticketmaster and Microsoft, they utilized a "multi-stage" social engineering tactic against Odido. They first stole passwords from individual customer service employees via phishing, then called those same employees pretending to be the Odido IT department to trick them into approving a secondary login request. This allowed them to scrape the Salesforce database undetected for 48 hours.

Impact and risks for Odido.nl customers

Because Odido refused the ransom, the data is now publicly available for purchase by other criminal syndicates. The inclusion of customer service notes—which detail payment disputes, personal guardianship status, and internal fraud warnings—allows for devastatingly accurate spear-phishing.

  • Identity Fraud: With birth dates and ID metadata (numbers and validity dates) now public, the risk of identity theft is permanent.
  • Financial Risk: Exposed IBANs can be used to set up unauthorized direct debits (machtigen).
  • Physical Risk: The leak includes residence permits and sensitive notes about the personal circumstances of millions of Dutch citizens.

Frequently Asked Questions

What happened in the Odido.nl security breach?

Following a social engineering attack in early February 2026, the hacker group ShinyHunters exfiltrated the data of over 6.5 million customers. After the company refused to pay a ransom, the full dataset was leaked to the dark web on March 1, 2026.

When did the Odido.nl breach occur?

The intrusion took place over the weekend of February 7–8, 2026. The company first alerted the public on February 12, and the final data dump occurred on March 1.

What data was exposed?

The confirmed list includes full names, addresses, phone numbers, email addresses, IBAN bank details, dates of birth, and identification metadata (passport and driver's license numbers). Critically, sensitive internal customer service notes were also leaked.

Is my personal information at risk?

If you are a current or former Odido or Ben customer from the last 10 years, your information is likely included in the leak. While Odido claims portal passwords remained encrypted, the hackers claim to have obtained "challenge words" used for phone verification.

How can I protect myself after this data breach?

  • Change your "Verification Word": If you use a secret word to identify yourself to Odido support, change it immediately.
  • Monitor Bank Accounts: Be alert for small, unauthorized direct debits in your banking app.
  • Ignore Unexpected Calls: If someone calls you referencing a past billing issue at Odido, hang up. It is likely a spear-phishing attempt using your leaked customer notes.

What steps should companies take after being impacted by this breach?

Odido has blocked the unauthorized access and reported the breach to the Dutch Data Protection Authority (AP). The incident has triggered a national conversation regarding the security of "human-in-the-loop" systems and the risks of storing sensitive ID metadata in customer support platforms.

How secure is Odido?

Odido (odido.nl) is a leading Dutch telecommunications company and the largest mobile service provider in the Netherlands.
  • Check icon
    View our free preliminary report on Odido’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Odido's score
View score
https://www.odido.nl/
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Wynn Resorts Faces [Second] Class Action Lawsuit Over Data Breach

Wynn Resorts Faces [Second] Class Action Lawsuit Over Data Breach

Wynn Resorts faces federal class action lawsuits after a February 2026 data breach by ShinyHunters. Learn about the 800,000 compromised records, legal allegations of negligence, and potential risks for both employees and customers.
UpGuard Team
UpGuard Team
February 25, 2026
Data breach reported by University of Hawaiʻi Cancer Center

Data breach reported by University of Hawaiʻi Cancer Center

A data breach involving University of Hawaii Cancer Center was reported in February 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
February 28, 2026
Multiple Mexican Government Agencies Data Breach

Multiple Mexican Government Agencies Data Breach

A data breach involving SAT was reported in February 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
February 26, 2026
Critical Juniper Networks RCE CVE-2026-21902

Critical Juniper Networks RCE CVE-2026-21902

Juniper Networks disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2026-21902). Learn the details and how to respond if you're impacted.
UpGuard Team
UpGuard Team
February 26, 2026
Overview: ManoMano Data Breach

Overview: ManoMano Data Breach

A data breach involving ManoMano was reported in February 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
February 25, 2026
Data breach reported for Pyramid Advisors Limited Partnership d/b/a Pyramid Global Hospitality

Data breach reported for Pyramid Advisors Limited Partnership d/b/a Pyramid Global Hospitality

A data breach involving Pyramid Global Hospitality was reported in February 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
February 25, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating