The ShinyHunters cybercrime group is conducting an extortion attack against Dutch telco Odido, having stolen approximately 21 million customer records and is now serially leaking them to pressure a ransom payment. The attack vector and specific technical vulnerability exploited are not detailed in the article. The company, backed by the Netherlands' national police, is refusing to pay the ransom and advises affected customers to remain vigilant for targeted phishing attacks due to the sensitive nature of the leaked data, which includes bank account and passport numbers.
Cyber-crime Cops back Dutch telco Odido after second wave of ShinyHunters leaks Company refuses to pay ransom as attackers threaten larger daily dumps Connor Jones Fri 27 Feb 2026 // 13:54 UTC The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco. In the early hours of Friday morning, the cybercriminals behind ShinyHunters leaked 1 million Odido records for the second day in a row. According to Have I Been Pwned , which is ingesting the data from each day's leaks, the first million contained 317,000 unique email addresses, while the second round consisted of 371,000. Details associated with those accounts include bank account numbers, other basic personal information, passport numbers, driving licenses, and customer service comments. ShinyHunters' website indicates that it is once again gearing up for a third round of leaks on February 28. If this round is of a similar scale, it would push the total number of affected accounts past 1 million. After the third round, the cybercrime group promised to begin leaking 2 million records a day. It claims to have stolen around 21 million in total. Odido first confirmed the scale of the data leak weeks ago, saying 6.2 million customers were affected by the attack. The company's website is currently not reachable at the time of writing, although the website for subsidiary Ben, whose customers were also caught up in the data theft, is still working. The telco has also confirmed that it will not be paying a ransom, an unknown sum that ShinyHunters is demanding to stop the flow of leaked information into the public domain. The Netherlands' national police (Politie) has reissued an alert advising organizations in similar positions to avoid paying ransoms, just like Odido. "Our advice to ransomware victims is: don't pay if criminals demand a ransom," said Stan Duijf, head of operations responsible for combating cybercrime at the Politie. "After all, if they are paid, their business model remains viable. Wynn Resorts takes attacker's word for it that stolen staff data was deleted ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant ShinyHunters claims it drove off with 1.7M CarGurus records "The ultimate decision is up to the victim, but you can't assume your data is safe if you pay. We know from research that criminals don't always delete the data , and may resell it or demand more money. If companies are hacked, it's crucial that they contact the police as soon as possible, so that together we can limit the damage and secure the evidence." The Politie said Odido was fully complying with its investigation into the attack, and agreed with the company's advice to remain vigilant to potential targeted phishing attacks , given the volume of data stolen. The Register requested more information from Odido. The last public statement made by the telco, penned by Søren Abildgaard, CEO at Odido Netherlands, and updated on February 26, said: "Our focus has always been on our customers, and that will remain so. "On the advice of leading cybersecurity advisors and relevant government agencies, such as the police, Odido has decided not to negotiate with these criminals or allow themselves to be blackmailed by them. "We remain committed to supporting and protecting our customers and employees in the best possible way." Customers are being offered a 24-month subscription to F-Secure's digital security package, which provides protection for devices against malware, phishing, and other threats. ® Share More about Cybercrime Netherlands Telecommunications More like these × More about Cybercrime Netherlands Telecommunications Narrower topics 5G AT&T British Telecom Comcast EE Emergency Services Network Ericsson ESA Mobile Network National Broadband Network NCSC NTT Orange Telecommunications Act of 1996 TETRA Verizon Vodafone Voice over IP Broader topics Benelux EMEA Europe European Union Sector Security More about Share POST A COMMENT More about Cybercrime Netherlands Telecommunications More like these × More about Cybercrime Netherlands Telecommunications Narrower topics 5G AT&T British Telecom Comcast EE Emergency Services Network Ericsson ESA Mobile Network National Broadband Network NCSC NTT Orange Telecommunications Act of 1996 TETRA Verizon Vodafone Voice over IP Broader topics Benelux EMEA Europe European Union Sector Security TIP US OFF Send us news