Odido Data Breach: ShinyHunters Claim Responsibility for 6.2 to 21 Million Records
Dutch telecommunications provider Odido is facing a significant data breach after the cybercriminal group ShinyHunters claimed responsibility for stealing user data. The group is demanding a ransom payment, threatening to leak the information of potentially millions of customers.
What Happened?
Odido first disclosed a breach on February 12, 2026, stating that attackers gained access to its customer contact system on February 7, 2026 and downloaded personal data [1, 2]. Initially, Odido reported that 6.2 million customers were affected [2], but ShinyHunters now claims the number is closer to 8 million, encompassing a total of 21 million lines of data [4].
What Data Was Compromised?
The exposed information varies per customer and may include: [2]
- Full name
- Address and city of residence
- Mobile number
- Customer number
- Email address
- IBAN (bank account number)
- Date of birth
- Identification details (passport or driver’s license number and validity)
Odido has stated that passwords, call details, location data, billing data, and scans of identity documents were not exposed [2].
Who is ShinyHunters?
ShinyHunters is an extortion gang known for hacking cloud environments and targeting large organizations [4]. Previous victims include Microsoft, Ticketmaster, Jaguar, Louis Vuitton, and Pornhub [4]. The group appears to be primarily based in Europe, rather than Russia, like many other cybercriminal gangs [4].
Ransom Demand and Odido’s Response
ShinyHunters is demanding a ransom of over €1 million, threatening to leak the stolen data if their demands are not met by Thursday morning [4]. As of February 25, 2026, Odido has not publicly announced whether it intends to pay the ransom, citing ongoing investigations [2].
What is Odido Doing?
Odido has taken the following steps in response to the breach: [2]
- Reported the breach to the Dutch Data Protection Authority
- Blocked the attackers’ access to its systems
- Hired external cybersecurity experts to assist with incident response and mitigation
- Warned customers to be alert for suspicious activity on their accounts
What Should Customers Do?
Odido advises customers to be vigilant for “suspicious and unusual activity” on their accounts and profiles [4]. While Odido states that stolen data is not always misused, customers should remain cautious.