-
Odido CEO refuses to pay after hackers stole 6.39 million customers’ personal data.
-
ShinyHunters broke in using a simple voice phishing call to impersonate internal IT staff.
-
Criminals are now targeting victims directly after a million data lines hit the dark web.
The Dutch telecom Odido’s CEO has released an update concerning the stolen personal information of 6.39 million customers. That includes names, bank accounts, ID numbers, and birth dates from a February breach by the group ShinyHunters.
The CEO clearly stated they won’t be compensating any customers, nor would they pay the attackers.
Odido’s Position Regarding the Data Breach
In a video statement, Søren Abildgaard, the CEO of Odido, made his position crystal clear this week. He says no investigation has shown his company broke any rules. The CEO was firm about not paying the attackers.
He strongly believes criminals should not receive rewards for their criminal activities. According to his statement, they are acting based on guidance from the authorities.
Instead of writing checks, he “promises to learn from this experience.” He also noted that they’re working with cybersecurity experts and are also trying to review and upgrade their processes.
Abildgaard also noted that they were supposed to communicate with people immediately, but wanted to complete investigations first to ensure they shared accurate information.
Here’s what actually happened. Back in early February, the threat actor group ShinyHunters pulled off a surprisingly simple heist. They used voice phishing to impersonate Odido’s internal IT staff. Someone on the inside fell for it. And just like that, the hackers walked right into Odido’s Salesforce system.
The stolen haul includes names, addresses, phone numbers, bank accounts, ID numbers, IBANs, and dates of birth. We’re talking about 6.4 million current and former customers. That’s almost every person in the Netherlands who has ever done business with this telecom giant.
The Ransom Demand and the Dump
ShinyHunters demanded over €1 million. Their offer? Keep all that data private. Odido said no. So the hackers dumped one million lines of stolen data straight onto the dark web.
And now? Odido customers are actively getting targeted by criminals using that leaked data. This isn’t a theoretical risk anymore. It’s happening in real time.
The CEO did release a written statement apologising for the breach. He said he “deeply regrets” what happened and promised to keep investing in defenses.
He offered free security tools like “Check je Gesprek” and F-secure. But for the millions now exposed? They’re offering additional security measures for customers and implore users to be patient while they work to regain trust.
Why This Breach Cuts so Deep
Here’s the thing about data like this. It doesn’t expire. Your name and birth date stay yours forever. Same with your ID number and IBAN.
Criminals can use this information for years. They can open accounts in your name. They can drain your real bank account, and even call your loved ones pretending to be you.
The threat to financial data is so serious that even banking institutions are being targeted. Hackers claim to have stolen 250GB of data from Nigeria’s Chartered Institute of Bankers (CIBN), proving that no financial institution, whether a telecom or a bankers’ association, is safe.
Salesforce has been proactively contacting customers to help them harden their systems. They’ve warned companies about attacks exactly like the one Odido fell victim to. So why didn’t Odido take those precautions?
Right now, two major actions are already moving forward. A class action lawsuit from CUIC. And a criminal investigation by the Dutch Public Prosecution Service. Neither one guarantees customers a single euro of compensation.
How to Protect Yourself
While we await Odido to do its part in fixing this mess, individual customers have their own role to play in keeping things safe. Here is what you need to do today. First, freeze your credit if your country allows it. This stops criminals from opening new accounts using your ID number. Do it now before someone beats you to it.
Second, monitor your bank accounts like a hawk. Check them every single day. Notice anything weird? Report it immediately. Acting fast helps to reduce the extent of damage.
Also, beware of phishing emails and text. Criminals often use people’s phone numbers and addresses to make scams feel real. They might call pretending to be your bank. They might text a fake shipping alert. Never click links. Never share codes. If you receive such calls, just drop the call and contact the company using their official line to verify.
Next, change passwords on all your accounts. Consider using a password manager to get unique and strong passwords and avoid reusing one for multiple accounts. Enable 2FA everywhere possible. No exceptions.
In addition, Odido says they have emergency lines for at-risk customers. They also have special care lines for customers over 65. Use them if you need help. Just remember who let this happen in the first place.
A million lines of your data are already out there, and criminals are probably already using it.
