← Back to Security Blog
Security Briefing 6 min read

Odido 6.2M Records Leaked + CarMax Breach Today

Dutch telecom giant Odido leaks 6.2 million customer records. CarMax breach breaks today affecting 431K. Figure fintech compromised with 967K accounts. This week's breach roundup shows why continuous monitoring isn't optional.


Odido — 6.2 Million EU Customer Records

Largest Dutch Telecom Breach of 2026

Odido (formerly T-Mobile Netherlands) has confirmed a massive data breach affecting 6.2 million customers — nearly one-third of the Dutch population.

Detail Information
Company Odido (formerly T-Mobile NL)
Records Exposed 6.2 million
Data Types Names, addresses, phone numbers, account details
Breach Date February 12, 2026
Regulatory Impact GDPR, NIS2 violations likely

NIS2 Implications: As a telecom provider, Odido is classified as an "essential entity" under NIS2. This breach triggers:


CarMax — Fortune 500 Breach TODAY

Breaking: 431,000 Customer Records Exposed

Auto retail giant CarMax (Fortune 500) confirmed a data breach affecting 431,000 customers. News broke this morning.

Key details:

CarMax operates 240+ locations across the US. The breach demonstrates that even Fortune 500 companies with significant security budgets remain vulnerable.


Figure Technology — Fintech Breach

967,000 Accounts Compromised

Figure Technology Solutions, a blockchain-native fintech firm, has confirmed a breach affecting approximately 967,000 customer accounts.

Detail Information
Company Figure Technology Solutions
Records ~967,000 accounts
Industry Fintech / Blockchain
Regulatory SEC-regulated, SOX compliance required

As a SEC-regulated fintech, Figure faces significant regulatory scrutiny. The breach exposes personal and financial information.


This Week's Breach Roundup

Company Records Industry Date
Odido 6.2M Telecom (NL) Feb 12
CarMax 431K Auto Retail (US) Feb 20
Figure 967K Fintech Feb 18
Betterment 1.4M Investment Feb 5
Canada Goose 582K Retail Feb 17
Eurail Unknown Travel Feb 16

Week total: 9.5+ million records exposed across 6 major breaches.


The Numbers Don't Lie

Metric Value
Average breach cost (2025) €4.45 million
Average detection time 287 days
This week's exposed records 9.5M+
NIS2 maximum penalty €10M or 2% revenue

What You Should Do Today

  1. Scan your infrastructure — Find vulnerabilities before attackers do
  2. Check NIS2 compliance — Use our free checklist at kensai.app/compliance/nis2-checklist
  3. Review third-party access — Supply chain attacks are rising
  4. Test incident response — Can you notify within 24 hours?
  5. Update credentials — If you used any breached services

Don't Be Next Week's Headline

KENSAI finds vulnerabilities AND generates fixes. 32+ tools. 60-second results. AI-powered patches.

Run Free Security Scan →

Stay secure. Stay vigilant.

🗡️ KENSAI Security Team

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →