Privacy & Security Intelligence Report - February 2026 :

Operator ODIDO Hit By Cyberattack

Odido says it identified a suspected intrusion on 7 February 2026 &, with internal & external specialists, determined that criminals had gained
unauthorized access to a customer contact/communication environment. Odido advised that access was quickly terminated, and that day-to-day telecom services were
not disrupted.

Odido and media reports say the stolen dataset may include names, customer numbers, phone numbers, postal & email addresses, dates of birth, bank account info
(including IBANs), & government ID details such as passport or driver’s licence numbers and validity dates. Following Odido’s breach notification,
Dutch media reported claims that Odido may have stored certain personal data
about former customers longer than allowed under data retention rules.

Latvia Rules out ‘malicious actors’ in undersea cable cut

A privately owned optical cable in the Baltic Sea was damaged in late January. Latvian Prime Minister Evika Silina, leaded authorities are
investigating the circumstances.

The cable links Lithuania & Latvia, and the cause of the damage was not immediately known, Lithuania’s National Crisis Management Centre
said separately.

The Baltic Sea region remains on heightened alert following multiple outages affecting power cables, telecom links and gas pipelines since Russia’s 2022 invasion of Ukraine. In response, NATO has increased its presence with frigates, aircraft and naval drones.

The announcement comes five days after Finnish police seized a cargo ship traveling from Russia to Israel over suspected sabotage of an undersea telecom cable connecting Helsinki and Estonia across the Gulf of Finland.

CNILIssues Record Telecoms Fine

France’s data protection authority, CNIL, has fined telecom subsidiaries Free Mobile & Free SAS a combined €42 million following a massive 2024 data breach affecting 24 million subscribers. The October cyberattack exposed personal data, including international bank account numbers (IBANs), after hackers infiltrated the companies’ information systems. Both firms are owned by Groupe Iliad. CNIL found violations of the EU’s General Data Protection Regulation (GDPR), citing weak VPN authentication and inadequate monitoring systems as key security failures. Free Mobile was fined €27 million, while Free SAS received a €15 million penalty.
Groupe Iliad said it will appeal the ruling, calling the sanctions “completely disproportionate“.

Zimbabwe Telecoms Authority takes lead on capacity building

Zimbabwe has been selected by the Southern African Development Community (SADC) to spearhead regional efforts in strengthening data protection capacity capabilities.

Dr. Gift Machengete, Director General of the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), said the country’s Data Protection Officer (DPO) training programme developed by his organization in collaboration with the Harare Institute of Tech has emerged as a model initiative in the data privacy arena.