Cops back Dutch telco Odido after second wave of ShinyHunters leaks

The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco. In the early hours of Friday morning, the cybercriminals behind ShinyHunters leaked 1 million Odido records for the second day in a row. According to Have I Been Pwned, which …

  1. VoiceOfTruth Silver badge

    Well it's a tough one

    I agree, paying hackers/leakers is not a good idea. That is their 'business model' they depend on. But what if they just become 'vandals'? Just leaking over and over...

    It's all very well for the police to say: do not pay. But their 'business' will not suffer.

    1. MiguelC Silver badge
      FAIL

      Re: Just leaking over and over...

      So, according to your expertise, leaking the same data multiple times is the big problem?

      I know it is hard, but if no one ever paid digital ransoms, the business model would keel over. Then, the attacks that would subsist would mainly consist in sponsored ones, and be easier to identify as such.

      1. VoiceOfTruth Silver badge

        Re: Just leaking over and over...

        What if the business model changes? The hackers now have a lot of customer data. Hackers have long hacked for lols.

    2. Doctor Syntax Silver badge

      Re: Well it's a tough one

      Odido's business deserves to suffer on account of holding passport and driving licence numbers in the first place. These are surely not necessary for providing a telecoms service. However as customers have provided this data they must be OK with it unless Odido made them a requirement in which case they would appear to be in breach of GDPR.

      1. Anonymous Coward

        Re: Well it's a tough one

        Agree very much. Then again, in my experience the Netherlands is very fertile grounds for that kind of default practice. Not only is nobody surprised if a business is asking for/ makes a scan of your passport or asks for your DigiD/ BSN, but moreover in their "(cheap!) quest to eliminate criminality" everything is pushed towards digital (safe™) actions. As a simple QED: try to pay cash in a Dutch establishment... with for example a 100 euro bill.

        And as for the Dutch "issue management"; so the customers whose data is now pwned due to the (non) actions of Odido... get an F-Secure subscription to keep their devices/ data safe? Like it is the fault of these silly (stupid apparently) customers that their bank account details now are known to a Nigerian Princess? Dutch version of irony I suppose...

  2. An_Old_Dog Silver badge

    Unbalanced

    The Netherlands government's approach is horribly unbalanced here.

    On the one hand, it "protects" Odido's decision to not pay ransom while utterly failing to penalize Odido for their security failures.

    What ought to happen is Odido -- and their Board of Directors, personally -- be whacked with eye-watering fines.

    If I own and run a small business -- say a convenience store -- and I make bad business decisions, I, personally pay the price, losing my investment, and perhaps my house if I took out a second mortgage to finance my store.

    There is no good reason for Boards of Directors to escape that level of personal financial liability, particularly considering the insane amounts of money they collect for serving on those boards of directors.
