Technology

Hackers publish more Odido customer data

Shinyhunters leaks names bank details and BSN numbers, Telecoms keep centralising identity records anyway

Images

Photo: Odido Photo: Odido Odido

Hackers who breached Dutch telecoms firm Odido have published additional customer data on the dark web after the company refused to pay a ransom, DutchNews.nl reports. Odido says information linked to 6.2 million current and former customers was stolen, while the Shinyhunters group claims more than 10 million are affected.

The newly released material includes names, addresses, phone numbers, email addresses, bank account numbers, and internal customer-service notes, according to DutchNews.nl. It also includes BSN citizen service numbers—identifiers that are widely used across Dutch public and private systems. Odido says passport, driving licence and ID document details have not yet been published, but the attackers have threatened to release those later.

The incident illustrates a persistent problem in telecoms: providers are paid for subscriptions and customer retention, while the cost of leaked identity data is borne by customers, banks, and public agencies that must deal with fraud and remediation. Once a dataset contains contact details plus financial identifiers and narrative notes from customer service staff, it becomes a ready-made toolkit for targeted phishing and account takeover. In the telecom context, that can cascade into SIM-swap attempts, interception of one-time passwords, and downstream compromise of email and banking accounts.

Odido said it consulted cybersecurity advisers and government officials and decided not to negotiate. The ransom demand is reported to be €1 million. In practice, refusing to pay does not end the harm; it often changes the attacker’s strategy from extortion to publication, turning a private breach into a public data dump.

For affected customers, the immediate issue is not only what was taken but how it will be used. The “Have I Been Pwned” service has indexed the first two leaks so people can check whether their email address appears, DutchNews.nl notes, and Dutch police run a similar tool.

Odido has not said when it expects the publication campaign to end. Shinyhunters says it will continue releasing information over the coming days.