Dutch mobile phone carrier Odido has disclosed a data breach impacting the personal information of over 6 million customers.
The incident, the company said in a notice, occurred on February 7-8 and involved unauthorized access to a customer contact system. Customers of both Odido and its subsidiary Ben were affected.
During the attack, the hackers stole customer information such as names, addresses, phone numbers, email addresses, dates of birth, customer numbers, bank account numbers, and passport or driver’s license numbers and validity.
The mobile phone carrier said its services have not been impacted by the incident and that no passwords, call records, or invoice data were compromised in the attack.
Odido said it immediately closed the attackers’ access to its systems, implemented additional security measures, and notified the relevant authorities of the incident.
The company is notifying the affected users directly, via email or phone, and urged customers to be wary of suspicious and unusual activities, such as phishing.
Odido noted that it was not aware of the stolen information being published online, adding that it continues to monitor the web in collaboration with cybersecurity experts.
“We cannot rule out that leaked data may be published or misused at some point. We advise all customers to remain very alert to unusual activities or contacts,” the mobile phone carrier said.
According to Odido’s incident notice, not all users were affected. A company representative reportedly told local media that roughly 6.2 million people might have been impacted.
The mobile phone carrier has not shared details on the threat actor behind the attack and no known extortion group appears to have claimed responsibility for it.
SecurityWeek has emailed Odido for additional information on the data breach and will update this article if the company responds.
Related: ApolloMD Data Breach Impacts 626,000 Individuals
Related: European Commission Investigating Cyberattack
