Dutch Police Threaten to Publish Voice of Hacker Behind Odido Data Breach

Dutch Police Threaten to Publish Voice of Hacker Behind Odido Data Breach

2026-07-09 data

The Hague, Thursday, 9 July 2026.
Dutch police may publicly release an authentic voice recording of the Dutch-speaking hacker who compromised over six million Odido telecom accounts.

Anatomy of a Vishing Attack

In early February 2026, telecom provider Odido became the target of a highly coordinated cyberattack that bypassed traditional digital defenses through social engineering [1][4][5]. The breach commenced when a Dutch-speaking male contacted the company’s customer service department, masquerading as an internal IT employee [1][4]. By utilizing “vishing”—or voice phishing—the attacker successfully manipulated a customer service representative into logging into a fraudulent, simulated IT environment [1][2].

The Scale and Impact of the Breach

The consequences of the breach are vast, compromising the personal information of millions of users [2][4]. The stolen dataset includes highly sensitive records such as names, addresses, email addresses, telephone numbers, IBANs, and identification details [2]. In total, the cyberattack compromised the data of 7.100 million entities, consisting of over 6.5 million individuals and 600,000 companies [5]. Among these records were more than 5 million unique identity documents and Citizen Service Numbers (BSN) [5].

The Police Investigation and the Voice Ultimatum

The criminal investigation is being led by the Landelijk Parket of the Public Prosecution Service and executed by the Team High Tech Crime (THTC), a specialized unit of the Dutch National Police [4]. Early in the investigation, law enforcement successfully took several servers offline that were being utilized by ShinyHunters to distribute the stolen data [2][7]. Currently, the police are focusing heavily on the identity of the Dutch-speaking caller who initiated the breach [1][4].

The Human Element in Corporate Cybersecurity

The Odido breach underscores a critical challenge for corporate innovation managers and product owners: securing the human link in the security chain [2]. While organizations invest heavily in technical safeguards, social engineering tactics like vishing remain highly cost-effective and successful because they exploit human trust [2]. According to Duijf, absolute security can never be guaranteed, comparing the situation to a physical mugging where the criminal remains the guilty party regardless of the victim’s precautions [3].

Bronnen


Cybersecurity Data breach