Public Prosecution Service launch criminal investigation into Odido cyberattack

The Public Prosecution Service (OM) is looking into a large-scale cyberattack at telecom provider Odido, which resulted in the theft of millions of customer records. A spokesperson confirmed the criminal investigation to ANP but could not provide additional information.

Odido announced earlier this month that a cyberattack compromised the personal information of 6.2 million accounts, including names, addresses, bank account details, and ID document numbers. Hackers from the ShinyHunters group have reportedly threatened to publish the stolen data on the dark web this week. They demand over 1 million euros by Thursday morning to hold off, leaving Odido with the tough choice of paying the ransom or refusing, according to cybersecurity specialists.

Odido has not commented on the situation. The company’s spokesperson said that CEO Søren Abildgaard is currently too occupied to address the press.

Customer anxiety seems high, judging by social media responses. Many are concerned about the fate of their personal information.

Reports to the Centraal Meldpunt Identiteitsfraude (CMI) have surged since the Odido leak, more than doubling in a week. The center, where individuals can report suspected misuse of stolen identity data, has received 590 reports about the telecom company, up from 245 just a week earlier.

Operating under the Ministry of the Interior, the Centraal Meldpunt Identiteitsfraude (CMI) notes that the majority of reports are from individuals concerned about potential identity fraud. In some instances, reporters claim their personal data has indeed been misused and associate it with the Odido breach, though the CMI cannot confirm this link.

Odido stressed earlier that passwords and call records were not compromised. Customers have been advised to stay alert, particularly when handling invoices. According to Odido’s website, “Cybercriminals may take advantage of the situation by sending fraudulent invoices that look like they come from Odido or other companies.”

On its website, the company notes that a data leak does not automatically grant customers the right to compensation. “We are currently working to ensure that customers do not suffer any damage from this incident,” Odido explains.