The Dutch Public Prosecutor’s Office has initiated a criminal investigation into a significant cyberattack on the telecom provider Odido, resulting in the theft of millions of customer records. While the investigation is confirmed, no additional details have been disclosed at this time. Odido has also opted for no public commentary on the matter.
A representative from the Public Prosecutor’s Office informed the ANP press agency about the development. It is noteworthy that the Prosecutor’s Office chose to announce the investigation at this early stage, a departure from its typical cautious approach. This decision underscores the seriousness of the incident, especially given the scale of the data breach, which involves the potential theft of millions of records. If confirmed, this incident may mark one of the largest cyberattacks recorded in the Netherlands.
The ongoing investigation will be conducted from a criminal law perspective, which could lead to accountability measures against Odido if negligence in data protection is established. Furthermore, the Prosecutor’s Office may be taking an active role in this case due to reports indicating that a hackers’ group is demanding a significant ransom.
A hacker collective is demanding a ransom for the stolen data associated with the Odido breach.
A Major Data Breach in the Netherlands
The breach targeting Odido is considered one of the largest in the Netherlands, with Odido reporting the theft of approximately 6.2 million customer records. However, the hacker collective known as ShinyHunters has claimed that the affected data may involve as many as 8 million records. This discrepancy highlights the significant lengths to which the attackers have gone to obtain sensitive information.
Reportedly, an ultimatum has been set for Odido, with a deadline of February 26 for the payment of a “seven-figure sum” to the hackers. Should the company fail to comply, the data is expected to be disclosed on dark web platforms. This situation has elicited considerable public unrest among Odido’s customer base, reminiscent of another major breach in the Netherlands that occurred in 2025 involving Clinical Diagnostics, where substantial medical data was compromised.
In response to the incident, customers of Odido and its subsidiary Ben can now obtain a free security package for two years, which includes services from F-Secure. This package offers antivirus protection, a password manager, and phishing detection services, aimed at alerting customers if their personal data is exposed.
This incident underscores the pressing need for effective cybersecurity measures and risk management strategies, particularly for organizations that handle sensitive customer data. The tactics likely employed by the attackers include initial access techniques, potentially via phishing or exploiting known vulnerabilities, as well as persistence and privilege escalation techniques to maintain control over the compromised environment. The MITRE ATT&CK framework may provide critical insights into understanding the methods used and the importance of robust incident response protocols.