Overview
The Dutch National Police (Politie) has announced it has found "strong indications" that Dutch hackers were responsible for a data breach at Odido, one of the largest telecommunications providers in the Netherlands. The breach occurred in February 2026 and the investigation is ongoing.
About Odido
Odido — formerly known as T-Mobile Netherlands — operates as a major mobile and internet service provider in the Netherlands, serving millions of consumer and business customers. The February breach exposed customer data, the precise scope of which has been under investigation since the incident was first disclosed.
Investigation Details
The Dutch National Police's cybercrime unit has been investigating the Odido breach since it was reported. The announcement of "strong indications" of Dutch hacker involvement is notable for several reasons:
- Domestic threat actors targeting domestic infrastructure represents a shift from the common pattern of foreign state-sponsored or organized crime groups conducting telecom breaches
- Dutch law enforcement has indicated the investigation involves identifiable individuals within the Netherlands
- The use of "strong indications" rather than confirmed attribution suggests the investigation remains active and charges or arrests may follow
The Politie has not publicly named suspects at this stage of the investigation.
Context: Telecom Breaches in 2025-2026
Telecommunications providers have been among the most targeted sectors in recent years. The Salt Typhoon campaign — attributed to Chinese state-sponsored actors — compromised major U.S. carriers and revealed deep vulnerabilities in telecom infrastructure globally. In Europe, multiple carriers have faced breaches ranging from customer data theft to network-level intrusions.
The Odido breach, while apparently domestic in origin, fits into this broader pattern of telecom targeting. Telecoms hold particularly sensitive data including:
- Customer PII and contact information
- Call detail records and metadata
- Location data
- Corporate and government subscriber information
Implications
If Dutch nationals are confirmed as the perpetrators, the case would highlight the risk posed by insider knowledge or domestic actors with familiarity of local telecom systems and regulations. It may also prompt Dutch authorities to review legal frameworks around cybercrime prosecution and corporate notification requirements.
For Odido customers, the breach reinforces the importance of:
- Monitoring for unusual account activity or SIM-swap attempts
- Enabling multi-factor authentication on linked services
- Being alert to phishing attempts using breached contact data
What's Next
The Dutch National Police investigation is expected to continue. Given the public announcement of "strong indications," formal charges or arrests of Dutch suspects may follow in the coming weeks or months.
Odido has not made detailed public statements about the breach scope beyond initial disclosure. Customers with questions about their data should contact Odido directly and monitor communications from the company regarding any notification obligations under the GDPR.