Odido Data Breach: 21 Million Records Exposed, Including Sensitive ID Information

A massive data breach at Dutch telecom provider Odido and its subsidiary, Ben, has compromised the personal information of approximately 21 million customers. The breach, claimed by the cybercriminal group ShinyHunters, includes sensitive data such as names, home addresses, telephone numbers, bank account numbers (IBANs), and identification document details like passport and driver’s license numbers [Cybersecurity News], [Cybernews].

Data Now Publicly Available

Odido opted not to negotiate with ShinyHunters, leading to the public release of all stolen data. This includes a particularly concerning combination of IBANs and identification document numbers, which are rarely leaked together and highly sought after by criminals for fraudulent activities [Bleeping Computer], [Hackread].

Check if Your Data Has Been Compromised

Individuals concerned about potential exposure can check if their data has been included in the breach using the website Have I Been Pwned, a resource recommended by security experts. The website has seen a surge in traffic from Dutch users, with nearly 2 million checks performed in recent days [Cybernews].

More Sensitive Data Than Initially Reported

Investigations have revealed that the data breach extends beyond standard personal information. It also includes identification data from residence and privileged documents, such as IDs for diplomats and embassy staff. Citizen service numbers (BSN) and sensitive information related to victims of domestic violence and stalking were also compromised [Cybernews].

Veilig Thuis, the national reporting center for domestic violence, has warned that perpetrators, particularly ex-partners, actively seek this type of information, posing a direct threat to the safety of vulnerable individuals [Cybernews].

What to Do Now

Experts anticipate that criminals will exploit the stolen data for various fraudulent schemes, including phishing attacks and scams, over the coming months and years. Individuals are advised to be vigilant for suspicious communications purporting to be from their bank, the government, or Odido, and to monitor their bank accounts for any unauthorized transactions.

Key Takeaways

• Approximately 21 million Odido and Ben customers have had their data compromised.
• The leaked data includes sensitive information like bank account details and identification document numbers.
• Individuals can check if their data has been breached using Have I Been Pwned.
• The breach includes sensitive data related to diplomats and victims of domestic violence.
• Increased vigilance against phishing scams and fraudulent activity is crucial.