Søren Abildgaard, the CEO of Odido, has posted several videos online explaining exactly what happened when the telecom provider was attacked by ShinyHunters and why the company decided not to pay its attackers.
In early February, Odido was the target of a ransomware attack by the ShinyHunters extortion group.
The hackers managed to lay their hands on full names, postal addresses, telephone numbers, customer IDs, bank account numbers, dates of birth, government-issued ID numbers, such as passports and driver’s licenses, and other personal or sensitive information.
According to Abildgaard, the hackers used voice phishing to steal large amounts of data. IT workers immediately revoked the threat actor’s access as soon as the unauthorized access was detected. Within days, millions of affected customers were informed about the incident.
ShinyHunters exfiltrated the personal information of 6.39 million customers. They threatened to release the stolen data on the dark web if Odido refused to pay the ransom. The data was released on March 1st.
In one of the videos, Abildgaard explained why Odido refused to pay the ransom.
“I strongly believe that criminal organizations should not be rewarded for criminal activities. Paying the ransom could also put a target on the back of other Dutch companies. Acting on the clear guidance of the authorities, we decided not to pay the ransom,” he says.
Abildgaard continues by saying that he knew that this decision could lead to stolen data being published on the dark web.
“But ultimately, I felt that this was the responsible decision. Nevertheless, I completely understand the impact of this decision on all of our customers.”
In a separate video, the CEO promises to make Odido a safer, more resilient place for customers and their data.
“Although I cannot change the past, we can control how we move forward.”
That’s why Odido is committed to continuing to invest in its organization to stay up to date with sophisticated cyber threats. Additional security measures have been implemented, including stricter rules around SIM swaps and pursuing new cybersecurity accreditations.
In addition, Odido will offer additional security measures for its customers in the coming months and years. Lastly, the telecom provider is taking a full critical review of its data retention policies and processes and will continue to strengthen its data security practices.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked