Last updated 1 month ago
The ShinyHunters extortion gang breached Dutch telecommunications provider Odido, compromising millions of user records from its systems. The breach was publicly disclosed in February 2026, with the threat actor claiming responsibility for the intrusion and data theft.
The attack involved unauthorized access to Odido's infrastructure, resulting in the exfiltration of millions of customer records. ShinyHunters, a known extortion group, executed the breach and subsequently claimed responsibility, though specific initial access vectors and exploitation techniques remain unspecified in current reporting.
No confirmed post-incident developments regarding regulatory actions, litigation, ransom payments, or remediation milestones are available at this time.
Article provides specific record count (6.2 million customers) and confirms affected data types (names, addresses, phone numbers, emails) that were previously unspecified in the database entry.
Article provides new specific details including ransom demand amount (over a million euros), explicit threat timeline from hackers, and confirmation from Shinyhunters to RTL Nieuws about their responsibility for the attack.
Article provides specific record count of 'over six million customers' where the database entry had no record count, and confirms the breach was revealed by the company itself rather than just attributed to ShinyHunters.
Article reveals a second batch of stolen customer data containing highly sensitive information, indicating new data exposure beyond what was previously known about the Odido breach.
Record count revised from unspecified to 1,520,769 breached accounts with detailed breakdown of data types including passport, driver's licence, and European national ID numbers, plus bank account numbers and customer service notes.
Second wave of data leaks by ShinyHunters with threats of larger daily dumps, and confirmation of Dutch national police backing Odido's refusal to pay ransom.
Telecommunications providers like Odido, which manage vast volumes of sensitive customer data, must implement robust access controls and continuous monitoring to detect unauthorized intrusions by threat actors such as ShinyHunters. The breach underscores the critical need for enhanced network segmentation and data encryption to protect customer records even if perimeter defenses are compromised.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor