CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Odido Data Breach Exposes 6.2 Million Customer Records

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Dutch telecommunications provider Odido suffered a cyberattack that exposed personal data of 6.2 million customers. The breach occurred in their customer contact system, but no passwords, call logs, or billing information were affected. The company detected the incident on February 7 and has since taken steps to secure their systems and notify affected customers. The exposed data includes full names, addresses, mobile numbers, customer numbers, email addresses, IBANs, dates of birth, and identification data. Odido has reported the breach to the Dutch Data Protection Authority and is working with external cybersecurity experts to mitigate the incident.

Timeline

  1. 12.02.2026 20:18 2 articles · 4d ago

    Odido Data Breach Exposes 6.2 Million Customer Records

    On February 7, Odido detected a cyberattack that breached their customer contact system, exposing personal data of 6.2 million customers. The company has since blocked unauthorized access, strengthened security controls, and reported the breach to the Dutch Data Protection Authority. Affected customers are being notified via email.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

SitusAMC Data Breach Exposes Client and Customer Information

SitusAMC, a real-estate finance services provider for major banks, disclosed a data breach on November 12, 2025, that compromised client and customer data. The breach impacted accounting records, legal agreements, and potentially customer data. The company is still investigating the extent of the breach and has not identified the attackers or the exact methods used. SitusAMC confirmed that no ransomware was deployed and business operations remain unaffected. The company is contacting affected clients and customers individually.

Open in new tab

Renault and Dacia UK Customers Affected by Third-Party Data Breach

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Open in new tab

Crimson Collective targets multiple organizations including Red Hat and Brightspeed for data theft and extortion

The Crimson Collective has been targeting various organizations, including Red Hat and Brightspeed, for data theft and extortion. The group claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of data across 28,000 internal projects, including 800 Customer Engagement Reports (CERs) containing sensitive information about customer networks and platforms. The breach occurred approximately two weeks prior to the announcement. The hackers claim to have accessed downstream customer infrastructure using authentication tokens and other private information found in the stolen data. The affected organizations span various sectors, including finance, healthcare, government, and telecommunications. Red Hat has initiated remediation steps and stated that the security issue does not impact its other services or products. The hackers published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram. The Centre for Cybersecurity Belgium (CCB) has issued an advisory stating there is a high risk to Belgian organizations that use Red Hat Consulting services. The CCB also warns of potential supply chain impact if service providers or IT partners worked with Red Hat Consulting. The CCB advises organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in any Red Hat integrations, and to contact third-party IT providers to assess potential exposure. The ShinyHunters gang has now joined the extortion attempts against Red Hat, partnering with the Crimson Collective. ShinyHunters has released samples of stolen CERs on their data leak site and has set an October 10th deadline for Red Hat to negotiate a ransom demand to prevent the public leak of stolen data. The breach is part of a series of supply chain threats involving compromised code repositories. In May 2024, threat actors exploited a critical vulnerability (CVE-2023-7028) to take over GitLab accounts. GitLab disclosed and patched two similar vulnerabilities (CVE-2024-5655 and CVE-2024-6385) that jeopardized customers' CI/CD pipelines. Nissan Motor Co. Ltd. has confirmed that information of approximately 21,000 customers has been compromised due to the Red Hat breach. The leaked data includes full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Financial information such as credit card details was not exposed in the breach. Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted. Nissan has no evidence that the leaked information has been misused. This is the second cybersecurity incident for Nissan Japan this year, following a Qilin ransomware attack in late August that hit its design subsidiary Creative Box Inc. (CBI). The Crimson Collective has also claimed responsibility for a breach at Brightspeed, an ISP operating across 20 US states. The group claims to have obtained PII on over one million customers and disrupted their connectivity. The PII includes account master records, address coordinates, payment history, payment methods, and appointment/order records. The group posted samples of the data on Telegram and claimed to have disconnected users' home internet. Jacob Krell from Suzu Labs commented on the broader implications of such breaches, noting their societal and national security impact.

Open in new tab

Boyd Gaming Corporation data breach after cyberattack

Boyd Gaming Corporation, a US gaming and casino operator, disclosed a data breach after threat actors gained access to its systems. The breach resulted in the theft of employee information and data belonging to a limited number of other individuals. The company has engaged external cybersecurity experts and notified law enforcement. The incident has not affected operations, and the company expects its cybersecurity insurance to cover associated costs. Boyd Gaming operates 28 gaming properties across ten states and employs over 16,000 people. The breach was disclosed in a FORM 8-K filing with the SEC. No threat actors have claimed responsibility for the attack.

Open in new tab

Farmers Insurance Data Breach Affects Over 1 Million Customers

Farmers Insurance, along with its affiliated companies and subsidiaries, experienced a data breach through a third-party vendor. The breach occurred on May 29 and was discovered the following day. Over 1 million customers were affected. The compromised data included personal information, although the specific details have not been disclosed. The incident was detected by the vendor's monitoring tools, which allowed for quick containment measures. The company has notified law enforcement and is offering affected individuals two years of complimentary identity monitoring services. The breach was detected on May 30, and the investigation concluded on July 24. The unauthorized access involved a third-party vendor's database containing customer information.

Open in new tab