Dutch Police Investigate Vishing Call as Key Lead in Odido Cyberattack Exposing 6.39 Million Customers
The recent cyberattack on Odido, a major Dutch telecom provider, has raised significant concerns following revelations of potential involvement by Dutch nationals. The attack, linked to the notorious ransomware group ShinyHunters, compromised the personal data of approximately 6.39 million customers. As investigations proceed, law enforcement is urging the public to assist in identifying those responsible for what is considered one of the largest data breaches in the Netherlands.
Timeline of the Attack
The cyber incident occurred over February 5 and 6, when attackers utilized voice phishing, or vishing, to deceive Odido’s customer service representatives. Posing as internal IT staff, the attackers gained unauthorized access to sensitive customer data. Although Odido’s security teams detected the breach immediately and revoked access, the attackers had already exfiltrated significant amounts of data, resulting in a large-scale data breach.
Investigative Developments
Under the guidance of the National Public Prosecution Service, the High Tech Crime Team (THTC) of the National Investigation and Intervention Unit has launched a comprehensive investigation into the breach. Authorities have indicated strong evidence suggesting that Dutch criminals may have played a role in the attack. A critical lead involves a phone call made shortly before the breach, during which a Dutch-speaking individual impersonated an Odido IT employee while communicating with customer service representatives. The police are actively working to identify this caller, with the possibility of releasing his voice to the public if necessary.
Investigators believe that individuals within cybercrime circles might possess crucial information regarding the perpetrators and are encouraging anyone with relevant details to reach out to law enforcement.
ShinyHunters Identified as the Threat Actor
Odido has attributed the attack to the cybercriminal group ShinyHunters, which executed a sophisticated social engineering campaign. CEO Søren Abildgaard publicly acknowledged the incident, expressing regret to affected customers and emphasizing the company’s commitment to enhancing its cybersecurity measures. He stated that Odido would continue to invest in security, improve data protection practices, and expand customer support services.
Abildgaard also clarified the company’s decision not to pay the ransom demanded by the attackers. He noted that complying with such demands would reward illegal activities and could potentially encourage further attacks against other organizations in the Netherlands. This decision was made in consultation with authorities, despite the risk that stolen data could eventually be published.
Scope of the Breach
Odido confirmed that approximately 6.39 million active and former customers of Odido and its Ben brand were impacted by the breach, while customers of Simpel were unaffected. The exposed data varied among individuals and included names, addresses, mobile phone numbers, customer numbers, email addresses, IBAN numbers, dates of birth, identification details, nationality, and gender.
The company clarified that certain sensitive information, such as My Odido account passwords, call records, location data, billing information, and scans of identity documents, remained secure and were not compromised. Reports suggesting that customer passwords had been leaked were addressed by Odido, which confirmed that login passwords remained encrypted and were never accessible during the attack. A separate telephone verification field, known as “password_c,” used as a customer challenge code for a limited number of customers, has since been discontinued.
Enhanced Customer Support and Security Measures
In response to the breach, Odido has bolstered its customer support by hiring over 140 additional service agents and implementing new security measures. These include the “Check je Gesprek” verification service, which allows customers to verify the legitimacy of communications claiming to be from Odido. Additionally, customers now have access to the F-Secure digital security service.
Odido has notified all customers identified as affected via email or SMS, and customer service teams are actively assisting users with inquiries related to their specific data exposure.
Meanwhile, Dutch authorities anticipate that investigations into the Odido cyberattack will continue for several months. Police have issued warnings about the increasing prevalence of cyberattacks targeting businesses and institutions, urging organizations to strengthen their cybersecurity defenses and advising citizens to remain vigilant against follow-on fraud and phishing attempts.
For further details on this incident, visit the original reporting source: thecyberexpress.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.


