Hackers have released the full cache of customer data stolen from Dutch telecom provider Odido, following the company’s refusal to meet their ransom demands. The breach, first reported in early February 2026, has now escalated into one of the most significant data exposures in the country’s telecom sector, with millions of personal records published online.
The cyberattack was carried out by a group identifying itself as ShinyHunters, a known hacking collective that has previously been linked to large-scale data breaches. After obtaining unauthorized access to Odido’s systems, the group began releasing batches of customer data online across several days in late February, culminating in the publication of the entire dataset after negotiations broke down.
Odido confirmed that data from both current and former customers was involved in the breach. The telecom provider had previously stated that the records of approximately 6.2 million individuals were impacted. However, some hacker claims, which have not been verified independently, suggest the breach could include up to 8 million records. The data sets published by ShinyHunters reportedly contain sensitive customer information such as names, addresses, dates of birth, phone numbers, email addresses, bank account numbers (IBAN), and identification numbers like passports and driver’s licenses.
According to NL Times, the hackers initially demanded a ransom of €1 million, which was later reduced to €500,000. Odido refused to comply with the demand, stating that it would not pay ransom under any circumstances. The company emphasized that its position was aligned with recommendations from law enforcement and cybersecurity authorities. Following this refusal, ShinyHunters proceeded to release the stolen data in full.
The Dutch Public Prosecution Service has launched a criminal investigation into the breach. Authorities are working to identify how the attackers gained access to Odido’s systems and to assess the extent of the data exposure. The telecom provider has not disclosed the specific technical method used in the intrusion.
The breach raises serious concerns about the safety and potential misuse of personal data. Experts warn that the exposed information could be exploited for identity theft, targeted scams, or financial fraud. A report from NL Times quoted cybersecurity professionals saying the stolen data is “worth gold for criminals.” While there is no evidence that passwords or call records were part of the leak, the types of information released are still considered highly sensitive.
Odido has begun contacting affected customers to inform them of the breach. Individuals are being advised to stay vigilant, monitor their financial accounts, and be cautious of unsolicited communications. Several users on forums such as Reddit have also confirmed that the leaked data is searchable on platforms like Have I Been Pwned, where users can check if their email addresses were compromised.
In a series of leaks leading up to the full disclosure, ShinyHunters had gradually released files containing portions of the stolen data. The final release was confirmed by several sources tracking the group’s activities, and the dataset appears to have been widely circulated in cybercrime forums. According to coverage by NL Times, these postings included over one million customer records per day during the week prior to the full cache going public.
The incident has drawn widespread scrutiny not only for its scale but also for Odido’s response strategy. While the refusal to pay ransom aligns with cybersecurity best practices—endorsed by organizations such as Europol and national law enforcement agencies—it also means that the stolen data will remain in public circulation, with little hope of containment.
This breach follows a series of high-profile cyberattacks across Europe in recent months, intensifying pressure on telecom and infrastructure providers to bolster digital security. While Odido has not yet confirmed whether the attack exploited a known vulnerability or an undisclosed system weakness, the criminal investigation is expected to clarify the technical cause of the intrusion in the coming weeks.
Odido continues to work with Dutch authorities and data protection officials to manage the aftermath of the breach. It remains unclear whether further leaks or copycat threats will emerge in the wake of the ShinyHunters disclosure.
Customers seeking to determine whether their data was included in the leak can consult platforms such as Have I Been Pwned, or wait for direct communication from the telecom provider. Meanwhile, experts recommend that affected individuals remain alert for suspicious banking activity, phishing emails, or attempts at impersonation.
Discover more from Aree Blog
Subscribe now to keep reading and get access to the full archive.
