• ShinyHunters extortion gang claims Odido breach affecting millions February 24, 2026 06:40 AM 0 The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. • Odido is one of the largest telecommunications companies in the Netherlands and offers mobile, broadband, and television services to millions of customers nationwide. • The companydisclosed the breachon February 12, revealing that attackers downloaded the personal data of many of its users after gaining access to its customer contact system on February 7. • However, Odido added that no Mijn Odido passwords, call details, location, data, billing data, or scans of identity documents were exposed during the incident. • According to the telecom firm, the exposed information varies per customer and may include a combination of full name, address and city of residence, mobile number, customer number, email address, IBAN (bank account number), date of birth, and some identification details (passport or driver’s license number and validity). • It also toldlocal mediaat the time that the data breach affected 6.2 million customers and that the threat actors reached out to say they had stolen millions of user records.

Article Summaries:

  • ShinyHunters, an extortion gang, claims it breached Dutch telecom operator Odido, stealing millions of customer records. Odido disclosed the incident on Feb. 12 after attackers accessed its customer‑contact system on Feb. 7. The company said no passwords, call logs, billing data or identity‑document scans were exposed, but the leak may include names, addresses, mobile numbers, emails, IBANs, dates of birth and some ID details. Odido reported the breach to the Dutch Data Protection Authority, blocked the attackers and hired external cyber‑security experts. ShinyHunters posted the data on its dark‑web leak site, asserting it contains 21 million records and internal corporate data, though Odido disputes the claim.
  • The Dutch telecom operator Odido announced on February 12 that attackers accessed its customer‑contact system on February 7 and stole personal data from about 6.2 million customers. The exposed information includes names, addresses, mobile numbers, customer IDs, emails, IBANs, dates of birth and some ID numbers; passwords, call logs, billing data and identity‑document scans were not compromised. Odido has reported the incident to the Dutch Data Protection Authority, blocked further access and hired external cyber‑security experts. The ShinyHunters extortion gang has since claimed responsibility, posting a leak site that alleges 21 million records, including internal data and plaintext passwords, were stolen. Odido has denied these claims.

Sources: