Dutch regulators probe Odido after massive data breach exposes millions of customer records
Millions of Odido customers face potential identity theft risks after a cyberattack exposed their personal data. Dutch authorities are investigating the breach and Odido’s data retention practices, raising concerns about digital security in critical services.
| Key Fact | Details |
|---|---|
| Incident | Cyberattack on Odido’s customer system |
| Data Exposed | Millions of customer and personal records |
| Regulators Involved | Dutch Digital Infrastructure Inspectorate (RDI) & Data Protection Authority (AP) |
| Investigation Focus | Security measures, GDPR compliance, and data retention periods |
| Legislation | GDPR, Telecommunications Act (Tw), Regulation on Security and Integrity in Telecommunications (Rvit) |
| Inspector-General | Angeline van Dijk (RDI) |
| Impact | Potential identity theft and loss of trust in digital infrastructure |
The Dutch Digital Infrastructure Inspectorate (RDI) ensures the security and reliability of the Netherlands' digital infrastructure, safeguarding critical services like telecom providers. The Dutch Data Protection Authority (AP) enforces GDPR compliance and protects citizens' personal data from misuse or breaches.
Openrijk has no cookies or ads
But could use some support
external link to whydonate.comRead the full translated article below
RDI and AP launch investigation following incident at Odido
The Dutch Digital Infrastructure Inspectorate (RDI) is launching a further investigation into the security of Odido’s customer system at the time of the incident in which millions of customer and personal data records were stolen and published online. The RDI is working in collaboration with the Dutch Data Protection Authority (AP). In addition, the AP is launching an investigation into the retention periods for these data records.
Following the incident, Odido informed the RDI that it had been the victim of a cyberattack. The RDI immediately began collecting facts and circumstances surrounding the incident. Inspector-General of the RDI, Angeline van Dijk, stated: “Incidents like this highlight the importance of robust efforts to strengthen digital resilience. This requires both technical and organizational measures. As a society, we must be able to trust in the secure operation of our critical services.”
After this initial phase, during which Odido was given the opportunity to address the acute issues, the regulators will begin an investigation based on the General Data Protection Regulation (GDPR), the Telecommunications Act (Tw) and the Regulation on Security and Integrity in Telecommunications (Rvit).
Due to the legislation applicable to this incident, the RDI is collaborating with the AP for the security investigation. In addition, the AP is launching an independent investigation into the retention periods for the data of (former) customers.
About the RDI
A well-functioning digital infrastructure is vital for the Netherlands. We oversee the availability, continuity and reliability of this digital infrastructure so that everyone can trust in its secure operation. For a safely connected Netherlands.