Odido Data Breach: Millions of Customers Affected as Hackers Demand Ransom
Dutch telecommunications firm Odido has suffered a significant data breach impacting over 6 million customers, with hackers releasing stolen data on the dark web and demanding a ransom exceeding €1 million. The cybercriminal group, Shinyhunters, is threatening to release further data if their demands are not met.
Breach Details and Data Exposed
The breach, one of the largest reported in the Netherlands, involves the compromise of customer data within Odido’s customer relationship management (CRM) system. Shinyhunters initially released a dataset containing information on approximately 680,000 individuals, including former customers according to RTL analysis. The group claims to possess data on over 10 million current and former customers.
The leaked data includes sensitive personal and financial information, such as:
- Full names
- Home addresses
- Phone numbers
- Email addresses
- Approximately 275,000 IBAN bank account numbers as reported by DutchNews.nl
- Customer service notes, including details about financial vulnerability, debt registrations, and aggressive behavior towards staff
Ransom Demand and Odido’s Response
Following the data breach, Shinyhunters demanded a ransom of over €1 million from Odido. The hackers warned that additional data would be published over the next 16 days if the ransom is not paid . However, Odido has refused to negotiate with the criminals or pay the ransom .
Impact and Investigation
The data breach affects a significant portion of Odido’s customer base, which hovers around 7 million according to Cybernews. A criminal investigation has been launched in response to the incident.
Odido has stated that operational service delivery has not been affected, and customers can continue to safely make calls and leverage the internet as per their official statement. However, customers are urged to be vigilant for potential fraud and scams.
What Customers Should Do
Currently, there is no legal way for Odido customers to determine if their specific information has been published RTL reported. Customers should remain cautious of phishing attempts and monitor their bank accounts for any unauthorized activity.