AMSTERDAM — The cyberattack targeting Dutch telecom provider Odido has reached a critical turning point following the company’s refusal to meet ransom demands from the hacking group ShinyHunters.
According to reports from NOS, the group has now published what appears to be the full remaining cache of stolen customer data, marking the fourth consecutive day of leaks. This latest disclosure includes sensitive personal and corporate information belonging to approximately 6.5 million individuals and 600,000 companies. The dataset is particularly alarming due to the inclusion of more than five million unique identification documents—including passports, driver’s licenses, and residence permits belonging to diplomats—alongside phone numbers, birth dates, and email addresses.
The hackers originally breached Odido’s systems in early February, later demanding a ransom that was eventually lowered to 500,000 euros. Odido stood firm against the extortion, stating it would "not allow itself to be blackmailed" based on advice from law enforcement and cybersecurity experts. In a curious twist, the hackers have opted to withhold certain sensitive details from this final public release, such as bank account numbers and internal customer service notes regarding debts or misconduct, claiming they are "not relevant" but will be kept for "own use." Despite the massive data dump, the group has renewed its threats, warning the telecom giant to "make the right decision" to avoid further fallout.
