Dutch Hackers Use AI to Combine Multiple Data Breaches for Advanced Fraud Schemes

2026-03-15 data

Amsterdam, Monday, 16 March 2026.
Cybercriminals are leveraging artificial intelligence to merge stolen Odido customer data with information from other breaches, creating detailed victim profiles for sophisticated attacks. Security experts reveal hackers now scan internet databases to cross-reference personal details from nearly 1,000 compromised websites containing 17.5 billion accounts worldwide. The technique enables remarkably targeted scams, such as identifying wealthy elderly individuals through social media posts about art exhibitions, then crafting personalized fraud attempts. This evolution represents a dangerous escalation in cybercrime methodology, transforming scattered data breaches into interconnected weapons for social engineering attacks across the Netherlands.

The Mechanics of Multi-Source Data Exploitation

The sophisticated approach employed by cybercriminals involves systematically combining the stolen Odido dataset with information from multiple other breaches to construct comprehensive victim profiles. According to cybersecurity expert Sijmen Ruwhof, “Met al die gelekte data bouwen hackers een profiel van je op” (With all that leaked data, hackers build a profile of you) [1]. The scale of available data for such operations is staggering, with haveibeenpwned.com documenting 17.5 billion compromised accounts from nearly 1,000 websites worldwide [1]. This vast repository of personal information serves as the foundation for increasingly targeted and convincing fraud attempts.

Cybersecurity Nederland expert Liesbeth Holterman explains how artificial intelligence amplifies the effectiveness of these combination attacks: “Een telefoonnummer van een 80-jarige oma in een datalek mag niet altijd interessant zijn, maar wat als die oma op Facebook zet dat ze naar kunstbeurs Tefaf gaat? Dan weet zo’n hacker dat die oma vermoedelijk geld heeft. Om dit soort informatie snel te achterhalen, scannen hackers het internet af met AI” (A phone number of an 80-year-old grandmother in a data leak may not always be interesting, but what if that grandmother posts on Facebook that she’s going to the Tefaf art fair? Then such a hacker knows that grandmother probably has money. To quickly obtain this kind of information, hackers scan the internet with AI) [1]. This technique transforms seemingly innocuous social media activity into valuable intelligence for targeted financial fraud, demonstrating how personal information shared online inadvertently aids criminal operations [1].

Strategic Targeting of High-Value Individuals and Organizations

The breach’s impact extends beyond individual consumers to strategically important sectors, with data from over 16,000 employees in critical industries now exposed [1][7]. The compromised information includes personnel from major Dutch companies including 110 former employees of ASML in Veldhoven, 288 employees of NXP in Eindhoven, and staff from Brabant Water [7]. Cybersecurity expert Lisa de Wilde characterizes the breach’s significance: “De combinatie van al die gevoelige gegevens en de schaal van het lek, maakt deze hack redelijk uniek” (The combination of all those sensitive data and the scale of the leak makes this hack fairly unique) [7]. This targeting of employees in strategic sectors creates particular vulnerabilities, as their business accounts may be well-secured while their personal accounts remain unprotected, creating what Ruwhof describes as “Een goudmijn voor hackers” (A goldmine for hackers) [1].

The Odido Breach Timeline and Corporate Response

The cyberattack on Odido unfolded in mid-February 2026 when the hacker group Shinyhunters used social engineering techniques to steal data from 6.2 million customers [3]. On March 8, 2026, Odido officially notified customers about the breach, which had compromised personal information including full names, addresses, mobile numbers, email addresses, IBANs, birth dates, and identification details from their customer contact system [2]. The criminals demanded approximately 1 million euros to prevent publication of the stolen data, but Odido refused to negotiate following advice from police and cybersecurity experts [3]. As cybersecurity expert Dave Maasland from ESET explained, paying would have been “complete onzin” (complete nonsense), noting that “Er is veel reden om aan te nemen dat deze groep niet te vertrouwen is. Door te betalen, maak je ze alleen maar krachtiger” (There is much reason to believe that this group is not to be trusted. By paying, you only make them more powerful) [3]. After Odido’s refusal to pay, Shinyhunters published the stolen data on their website the weekend before March 4, 2026 [7].

Bronnen

cybersecurity data breach