Cybercriminals were able to successfully gain access to our customer contact system. After the criminals gained access, they were able to download customer data in a covert and unauthorized manner. The investigation is ongoing. As soon as more information becomes available, we will share further updates via this page.

In the weekend of 7 and 8 February, we first received signals that there was a data breach. We immediately began further investigation together with our internal and external cybersecurity experts and took immediate action. As soon as the data breach was confirmed, we decided to inform the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and the affected customers as quickly as possible.

The data that was leaked differs per customer but may include name, contact details (name/address details, phone number), date of birth, customer number, and also email address, bank account number (IBAN), and identity document numbers and expiry date. Our investigation into exactly which data have been affected is still ongoing. As soon as more information becomes available, we will share further updates via this page.

Immediately after the cyberattack, we contacted the customers whom we determined had been affected. Our investigation is still ongoing. As it progresses, we are gaining an increasingly clear picture of which other customers may also have been impacted.

If our investigation shows that your data have been affected and you have not yet received a notification from Ben, we will contact you directly.

We take this incident very seriously. Immediately after discovering the data breach, we: 

1. Blocked the unauthorized access to the customer contact system.
2. Implemented additional security measures.
3. Further scaled up monitoring for unusual activity.
4. Increased employee awareness of how cybercriminals operate (phishing).

The security of our infrastructure and our customers is our top priority. Our networks and systems are designed with security in mind. We are continuously working to improve our resilience. We work with external security experts to keep improving. However, cybercriminals operate in a highly advanced and targeted manner, and unfortunately no organization is immune. We continuously work on improvements and are using this incident as the reason for a thorough evaluation.

Our services have not been affected. Customers can continue to call, and use the internet, and use all other Ben services as normal.

Odido and Ben customers have been affected by the cyberattack. Odido has a separate information page: www.odido.nl/veiligheid. Simpel customers have not been affected.

We sent 4 versions of the same email to our customers, because the data that may have leaked can be different per customer. These 4 versions are: 

1. Only the name and address details were leaked.
2. Name and address details and bank details leaked.
3. Name and address details and ID details leaked.
4. Name and address details and ID details, and bank details leaked. 

It can happen in a household or a company where several different types of emails are sent. This is because there can be several accounts at one address. In general, it is wise to follow all the tips we give to be extra careful about all versions. Being extra careful is always better. 

We emphatize that your Ik Ben password, your subscription details, your call details, your bill details or your location details, and any scans of identity documents are not part of the data leak.

We are in contact with various organizations regarding this data leak. However, for customers, it is currently most important to remain extra alert themselves. You can find our tips on this page.

The data leak itself is not a valid reason to terminate your agreement early.

We refer you to our website where you can find the available information. In short, we took the following steps to help customers prevent damage: 

1. Ended the unauthorized access.
2. Personally informed customers by email and/or text message so everyone can be extra alert.
3. Informed the Dutch Data Protection Authority about this incident.
4. Brought external cybersecurity experts for extra support.

Immediately after the cyberattack, we contacted the customers whom we determined had been affected. Our investigation is still ongoing. As it progresses, we are gaining an increasingly clear picture of which other customers may also have been impacted.

If our investigation shows that your data have been affected and you have not yet received a notification from Ben, we will contact you directly.

We have made a careful and deliberate assessment. Both leading experts and government authorities have strongly advised us not to engage with this criminal group. This advice is based on extensive experience with this specific group.

Cybercriminals have indeed begun publishing part of the leaked data. We are closely monitoring these developments together with our external experts. As soon as we are able to share more information, an update will be posted on this information page.

With the leaked data, cybercriminals could, for example, try to:

1. Impersonate customers or trusted companies – for example, posing as a bank or Ben and sending fake bills via phone or email.
2. Phishing – fake emails, calls or SMS targeting customers or their contacts.

What they cannot do:

• - Use your passwords.
• - View your call history.
• - Track your location.

Be extra alert for unexpected phone calls, SMS or WhatsApp messages, and emails. Have you received a message and you’re not sure whether you can trust it? Visit odido.nl/phishing to learn what to look out for and find tips on how to recognize phishing. Also check your bills and bank account regularly. You can change your passwords if that makes you feel more comfortable, but this is not necessary: no passwords have been leaked. Our earlier advice to stay alert still applies.  

In addition, you can activate F-Secure’s digital security package free of charge for 24 months. This provides extra protection for your phone, tablet and computer against viruses, phishing and other online threats. More information is available at https://www.ben.nl/ondersteuning. 

The investigation remains ongoing. We understand that you are concerned. That is why we want to assure you that it is our utmost priority to ensure we are providing you with the most up-to-date information as possible. We will continue to provide updates on this page.

With email bombing, your email address is signed up in bulk for newsletters or online services, which can cause your inbox to fill up quickly. 

Here’s what you can do:  

1. Block and delete these emails (if they haven’t already been stopped by your spam filter).
2. Don’t click on links or “unsubscribe” buttons in suspicious emails.
3. Check whether any important, legitimate messages are mixed in.
4. Consider the F‑Secure digital security package (free of charge for 24 months) as extra protection against phishing and fake emails that can sometimes be hidden among a large volume of messages. Unfortunately, this won’t stop the email bombing itself, but it can help you identify suspicious links/attachments more quickly. More information: https://www.ben.nl/ondersteuning. 

No. This is not an email from Ben. Please be aware of a phishing email sent in Ben's name that references the cyberattack. The message urges you to click a link and fill in a so-called mandatory “compensation request form". This is not an Ben email. Do not click any links, do not provide any information, and delete the email. Official Ben emails on this topic are sent exclusively from info@mail.ben.nl and contactformulier@ben.nl. Always check the sender's email adress, not just the name you see.

No, in our opinion, the data breach at Ben does not necessitate changing your bank account number. The Dutch Banking Association (NVB) has also emphasized that it is not possible to log in to your banking environment with a back account number, such as your banking app or online banking. Your bank account is therefore secure according to the NVB. 

You can find the NVB's advice here: https://www.nvb.nl/nieuws/datalek-odido/

To prevent fraud when taking out a mobile subscription, we always check your identity and therefore register the number of your identity documents. This way we know for sure that you are the one taking out the subscription, and we can show that it was you. This also helps prevent contracts, subscriptions, or phones from ending up with the wrong person. If you took out phone credit with Odido Finance, Ben is required by law to check your identity. We must record and keep the number of the identity documents you used to identify yourself for up to 5 years after your phone credit ends. 

Ben’s data retention policies are outlined in our contracts as well as on our website, https://www.ben.nl/privacy.  

As part of our investigation into this cyber-attack, we are also reviewing our data retention policies and processes. These investigations take time, and we will provide further information as soon as we are able to do so. 

We want to emphasize that, based on our current information, no copies and/or scans of IDs are part of the data leak. We have also stated this earlier in our communications. Our investigation into exactly which data has been affected is still ongoing. As soon as we know more, we will share further updates on this page. We also want to point out that the Central Helpdesk for Identity Fraud has also stressed that a data leak does not automatically mean identity fraud, or that identity fraud can be done with the stolen data. 

You can find the advice from the CMI here: https://www.rvig.nl/nieuws/12-02-2026-datalek-odido-veroorzaakt-ongerustheid-cmi-geeft-advies 

No, based on our current information, replacing an identity document is not necessary at this time. We are following the current government advice from the Central Identity Fraud Reporting Centre (CMI). 

You can find the CMI's advice here: https://www.rvig.nl/nieuws/12-02-2026-datalek-odido-veroorzaakt-ongerustheid-cmi-geeft-advies

We understand that this situation can be unpleasant and that you may want to take extra precautionary measures. Based on what we know today, replacing your passport or driver’s license is not necessary at this time. We are closely following the guidance from the Dutch authorities, including the Central Identity Fraud Reporting Centre (CMI). In line with their current advice, those documents do not need to be replaced, so we do not reimburse the costs of replacing these documents at this time. 

We will continue to monitor the situation and the official guidance. 

No, this is incorrect. We would like to emphasize that no passwords from Ik Ben or other login systems have been leaked. The passwords that customers use to log in are stored in encrypted form and have never been accessible. Your Ik Ben account is secure. 

What has been leaked is a field from the customer contact system called “password_c”. Despite its name, this is not a password, but a so-called challenge word or code word. This was used as an additional security question when a customer contacted us by telephone. This code word does not give access to accounts, services or personal data and is completely separate from the systems in which customers log in. 

Such an additional code word was registered for a limited group of customers. As soon as we heard that these code words were included in the leak, telephone verification based on these code words was immediately discontinued.

Our investigation is ongoing. As soon as more information becomes available, we will share further updates via this page.

Ben never sends messages asking you to change your password. Stay alert, and if you don’t trust a message, don’t take any action. For tips on how to recognize phishing, visit www.ben.nl/phishing.

Not an active customer: 
Ben keeps your contact details for up to 2 years after your contract ends, and you switch to another provider, in case you want to become a customer again within this period. We also say this in the privacy statement on our website. Because you switched less than 2 years ago, your details were still in the system, and that is why you received an email or text message. 

Just cancelled: 
To process your cancellation correctly, we still need your data to carry out your contract. Ben also keeps your data for up to 2 years after your contract ends, in case you want to become a customer again within this period. 

You can find our privacy statement here: https://www.ben.nl/privacy.

Ben uses a period of 2 years in the system after all duties on both sides are finished. If you still had unpaid bills after you switched, or service questions that were not finished yet, the 2 years started when the bills were paid, and the questions were handled.

Ben has a standard process for requests to delete customer data. Only a small group of employees are allowed to handle these requests. We kindly ask you to follow our normal process for this. Only in this way can we also check the identity of the person making the request. We refer you to the form on our website: Privacy. 

Sorry to hear that you may have suffered damage because of an incident. Based on the information Ben has at this time, we have no reason to think that any damage is the result of the Ben data leak. If Ben informed you about the data leak, we refer you to our information page for all the tips we currently give to our customers. 

Regarding compensation, we answer the following. A data leak does not automatically give a right to compensation. Our work is currently focused on preventing customers from suffering any damage because of this incident. We informed customers in advance so they can be extra alert for suspicious signs. This is in line with the advice of the Central Helpdesk for Identity Fraud (CMI) of the Dutch government. The CMI also emphasizes that identity fraud does not automatically apply, and that identity fraud cannot automatically be done with the stolen data. The CMI also says that with the affected data you cannot simply take out a loan, open a bank account, or take out a phone subscription. You also cannot request a new identity document with it. Extra checks are needed for that, such as a real identity document, your DigiD, or your bank login details. 

You can find the full advice here: https://www.rvig.nl/nieuws/12-02-2026-datalek-odido-veroorzaakt-ongerustheid-cmi-geeft-advies

A data leak does not give automatically a right to compensation. Our work is currently focused on preventing customers from suffering any damage because of this incident. We informed customers in advance so they can be extra alert for suspicious signs. This is in line with the advice of the Central Helpdesk for Identity Fraud (CMI) of the Dutch government. Be careful with parties that give advice that is different from what the CMI advises. 

You can find the full advice here: https://www.rvig.nl/nieuws/12-02-2026-datalek-odido-veroorzaakt-ongerustheid-cmi-geeft-advies

We understand that you may still have questions. We ask you to check this page for updates. Our customer service team is currently not able to provide more information than what can be found on this page.

If you do have urgent questions, please contact us.