In February 2025, Dutch telecom operator Odido  disclosed a breach affecting 6.2 million current and former customers, roughly a third of the country’s population, and the largest telecom breach in Dutch history. Attackers socially engineered an outsourced call center employee into approving a fraudulent MFA request, gaining access to Odido’s Salesforce CRM environment and exfiltrating highly sensitive data including passport numbers, IBANs, and dates of birth. What follows is reminiscent of a binge-worthy streaming drama: When Odido refused to pay, the attackers deliberately and publicly escalated , leaking all stolen customer data on a dark-web leak […]