Dutch police say they have found evidence pointing to the involvement of Dutch criminals in the February cyberattack on telecom provider Odido, a breach that exposed personal data belonging to more than 6 million customers.
The new lead is not a flashy exploit or a magic backdoor. According to police, a Dutch-speaking man called Odido’s customer service operation before the attack and pretended to be an employee from the company’s IT department. That call helped deceive staff into granting access, police said, giving the attackers a path to customer information.
Police have not identified the caller. Investigators are also still looking for other possible suspects and have asked people with information to contact them. Authorities said they may publish a recording of the caller’s voice later if they decide it is needed.
How the attackers got in
Dutch cyber authorities previously said the attackers entered through a compromised customer contact system used by Odido. From there, they were able to download customer records. Odido said at the time that the incident did not interrupt its services.
That detail matters because it points to the ordinary weak seam in many breaches: not the core network, and not necessarily some elite technical compromise, but a system built for support staff to look up customers quickly. If an attacker gets trusted access to that kind of tool, the data is already organized for them.
Police said they took several servers offline shortly after the breach. Those servers were allegedly used by the hacker group to distribute the stolen data.
Police look for chatter around the attack
Authorities said they believe the people behind the breach may have talked about it online or within their personal circles. Police also said people in the cybercriminal community may know details that could help identify the attackers.
In a statement, Dutch police said cybercrime investigations often take time, but attackers can still make mistakes and leave usable traces. The agency said the Odido case is expected to continue for several more months and that it is too early to say where it will end.
For Odido customers, the confirmed facts remain limited and uncomfortable: attackers accessed a customer contact system, downloaded records, and exposed data for more than 6 million people. Police now say a local social-engineering component may have helped make that possible.
The investigation remains open. Police are asking anyone with relevant information about the caller, the wider group, or discussions around the breach to come forward.
This story draws on original reporting from The Record.