The telecom provider Odido is facing a class action lawsuit over a data breach that exposed the personal details of over six million Dutch residents. Starting today, affected customers may join the claim for free.
The first mass claim against Odido is being brought on by a privacy foundation called Consumers United in Court (CUIC). The plaintiff previously pursued antivirus company Avast for allegedly selling user data without consent.
CUIC demands compensation of €500 per victim from the defendant, reports AD.
However, an expert warns that the proceedings may well last up to two years. So don’t count on Odido’s payout to pay your energy bills.
What happened in the Odido breach?
In early February, hackers broke into Odido’s system by tricking customer service staff with phishing emails and fake phone calls posing as the company’s IT department.
Despite multiple warnings from Salesforce (Odido’s customer relationship management platform) to be wary of prank callers, the juvenile ploy enabled hackers to bypass two-factor authentication and access Odido’s customer database.
The stolen data included names, home addresses, phone numbers, bank details, and ID numbers for both current and former customers.
Dankjewel heh Odido pic.twitter.com/fLpjyewwyV
— Stijn de Vreede 🍿 (@VrijndeSteede) April 3, 2026
Odido refused to pay the ransom demanded by the hacking group ShinyHunters, which then published this data on the dark web.
What does CUIC want from Odido?
Aside from paying for damages, CUIC wants Odido to issue a formal message to all current and former customers whose data was leaked. Further, CUIC requests that the defendant fully account for how the breach happened.
Hilde Laffeber, CUIC’s communications expert, believes that victims of the leak could fall prey to phishing attacks.
“The mere fear that something like this could happen is already damage,” she tells RTL Z.
On one hand, CUIC blames Odido for its negligence. Laffeber claims, “Far too much data was stored for far too long a period. The sheer volume of data stolen alone shows that the data was not properly protected.”
On the other hand, a mass claims expert at Leiden University, Bonne van Hattum, thinks the case is more complicated than CUIC makes it seem.
She tells AD, “You have to be able to demonstrate that stakeholders suffered damage due to the actions of a party.”
How do you join the case?
Anyone who was a customer of Odido, Ben, T-Mobile, or Tele2 can sign up on CUIC’s website to join the lawsuit. You don’t need to know for certain whether your data was included in the breach.
While joining is completely free, a portion goes to the company financing the litigation if a payout is made. The exact share will depend on how long the case runs and what’s ultimately awarded.
Is it worth it, you ask? Van Hattum believes so.
The expert tells AD, “CUIC has most likely conducted thorough research into the feasibility. Otherwise, no financier would be interested.”
Were you caught up in the Odido breach? Are you planning to join the claim? Let us know in the comments.
