ShellCodeX
Tools β€’ Events β€’ News β€’ Insights
ShellCodeX Breach Report

Odido Data Breach

odido.nl
Significant exposure
Verified breach
Accounts exposed 6,077,025
Breach date 12 Feb 2026
Added to tracker 26 Feb 2026
Data classes 11

What happened

In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver’s licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.

Exposed data

Bank account numbers Customer service records Dates of birth Driver's licenses Email addresses Genders Government issued IDs Names Passport numbers Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing Odido β€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk β€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP