Massive Phone Data Breach Triggers Wave of Fake Traffic Fines Across Netherlands
The Hague, 26 March 2026
Over 5,200 Dutch residents contacted authorities in one week questioning suspicious traffic fines, representing a hundredfold increase from normal levels. Criminals exploited personal data from Odido’s recent telecommunications breach to send convincing fraudulent penalty notices via email, SMS, and WhatsApp, demanding payments between €150-680 within 24 hours.
Scale of the Fraudulent Campaign
The Dutch Central Judicial Collection Agency (CJIB) experienced an unprecedented surge in enquiries during the week leading up to 25 March 2026, receiving 5,200 calls from concerned residents questioning the legitimacy of traffic fines they had received [1]. This represents a dramatic escalation from the agency’s typical weekly intake of only a few dozen such reports [1]. The fraudulent messages appeared across multiple communication channels, including email, SMS, and messaging applications, despite the CJIB never issuing legitimate fines through digital means [1].
Criminal Tactics and Financial Demands
The sophisticated scam operation employed urgent messaging tactics designed to pressure victims into immediate action. Recipients received warnings stating they must pay outstanding fines within 24 hours to prevent penalties from increasing or to avoid losing their driving licences [1]. The fraudulent demands ranged between €150 and €680, with some messages threatening that amounts would be doubled if not paid on time [1]. These communications directed victims to counterfeit websites where criminals attempted to collect both payments and personal information, including dates of birth, phone numbers, and home addresses [1].
Connection to Odido Data Breach
Security experts have established a probable link between this surge in fraudulent activity and a major data breach at telecommunications provider Odido, which exposed personal information belonging to millions of customers [1]. The timing correlation suggests criminals capitalised on the stolen data to create convincing, personalised scam messages that appeared authentic to recipients. A notable development in this campaign has been the increased use of WhatsApp for delivering fraudulent messages, marking a relatively new approach in CJIB-related scams [1].
Official Guidance and Protection Measures
Johan Bac, CJIB director, emphasised the agency’s commitment to helping citizens verify legitimate communications, stating that ‘criminals are constantly trying to trick people out of money in every way imaginable’ whilst highlighting that cjib.nl provides guidance for checking the authenticity of fines or notices [1]. Legitimate CJIB traffic fines can be identified by a distinctive large letter M positioned in the top right corner of mailed notices [1]. Crucially, genuine digital notifications are only sent through the Berichtenbox on MijnOverheid, never via direct links in emails or SMS messages [1]. The agency recommends that anyone uncertain about a fine should verify bank account details against official account numbers listed on the CJIB website [1].