Dutch police threaten to release suspect's voice in hunt for hackers behind 6 million record Odido breach
A recorded phone call of local man gives police their strongest lead yet

Stock photo by Christian Charisius/picture alliance via Getty Images
- Dutch police say they may release a suspect's voice recording publicly if he doesn't come forward, after finding "strong indications" of a Dutch nationals' involvement in Odido hack.
- Investigators are appealing for anyone in cybercrime circles with information to come forward, warning that "cybercriminals are vulnerable too – they leave traces behind."
- Police have already taken down several servers used to distribute the stolen data as the investigation, expected to run several more months, continues behind the scenes.
- A caller posed as an Odido IT employee to bypass MFA and access its CRM, letting ShinyHunters steal 6.2 million customer records – data that was later published after an extortion attempt.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Dutch police have identified a key suspect in the cyberattack that exposed the personal data of more than six million Odido customers and may release a voice recording of the alleged social engineering caller to help identify him.
The caller allegedly posed as an Odido IT employee shortly before the breach, helping hackers gain access to the Dutch telecom provider's systems.
The High Tech Crime Team is continuing to investigate the individual who impersonated the IT employee, as well as others who may have been involved.
The stolen data was later published online after cybercrime gang ShinyHunters claimed responsibility for the attack and threatened the company with extortion.
In a statement issued July 9 by the country's National Operations Unit, which deals with cybercrime, investigators working for its High Tech Crime Team said they had "strong indications" to believe that Dutch nationals were involved in the operation and are urging the suspect to come forward voluntarily.
If the suspect refuses, the police said in the statement that they may release the recording publicly to help identify him.
"Investigations like this are often complex and take time, but cybercriminals are vulnerable too – they leave traces behind. At several points during the investigation into the Odido hack, we were able to secure evidence that has allowed the investigation team to make further progress."Stan Duijf, head of operations, National Operations Unit.
Server takedown
During the investigation, authorities also managed to take down several servers allegedly used by the hacker group to distribute the stolen customer data.
Investigators believe the perpetrators may have discussed the attack online or within cybercrime circles and say others may know who was involved. Police are appealing for anyone with information to contact authorities.
"We urge anyone with information to come forward and share it with the police," Duijf added.
The breach was disclosed by Odido in February after attackers gained access to the telecom provider's Salesforce-based customer relationship management (CRM) system.
More than 6.2 million current and former customers had personal information stolen, including names, addresses, telephone numbers, bank account details, dates of birth, customer IDs, and government-issued identity document numbers.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Reporting at the time indicated the attackers relied on voice phishing and social engineering.
They allegedly impersonated IT staff, tricking employees into approving fraudulent login requests that bypassed multi-factor authentication before using automated tools to extract customer records.
The latest police findings appear to reinforce that theory, identifying the phone call as a key part of the intrusion.
Strong password generator
The investigation remains ongoing and is expected to continue for several more months as Dutch authorities work to identify everyone involved in one of the country's largest data breaches.
In April, Consumers United in Court (CUIC) launched a class-action lawsuit against telecom provider Odido regarding the massive data leak in February.
The incident has also spawned several compensation-based scams, however, encouraging affected people to come forward and make claims for a one-off 50 Euro fee.