The risk of identity fraud
The data stolen from Odido during a recent cyberattack represents a “breeding ground for criminals,” according to Dave Maasland, director of cybersecurity firm ESET. He suggests that the threat stems from the specific combination of information obtained rather than the volume. Maasland describes the breach as a “gold mine” because it includes names, addresses, bank account details, and passport numbers.
This specific mix of data allows criminals to appear highly credible when contacting victims. Consequently, fraudsters can more easily convince people—often from vulnerable groups—that they are official representatives, such as bank employees. This concern follows a sharp rise in reports to the Fraud Helpdesk. Last year, the service recorded over 100,000 cases, which marks a 60 per cent increase.
The ransom dilemma
The hacking group ShinyHunters has claimed responsibility for the attack. They have demanded a ransom of over £1 million, giving Odido until Thursday morning to pay. As a result, the telecom provider faces a difficult choice. Maasland warns that paying a ransom funds criminal organisations. This allows them to reinvest in more sophisticated tools for future attacks. Furthermore, he noted that the long-term societal costs of such payments are often overlooked.
While paying might prevent the immediate public release of data, Maasland cautions that it does not guarantee safety. Cybercriminals may still sell the information covertly later. He compares this situation to the 2019 attack on Maastricht University. In that instance, the university paid nearly £170,000 in Bitcoin to restore its systems. The university described the decision as a “diabolical dilemma.” However, because the police recovered some of the funds and Bitcoin rose in value, the university eventually received over £400,000 back years later.
@ anp | NEWS BRAINPORT
