The data breach involving Dutch telecom provider Odido has escalated dramatically, as the hacker group ShinyHunters has released millions of private customer records onto the dark web. This action follows Odido’s refusal to pay a ransom of over €1 million, which the group demanded to keep the sensitive information secure.
The breach, initially detected on the weekend of February 7, 2024, led to a troubling series of events when ShinyHunters began a “daily leak” campaign after Odido rejected their demands. On Thursday, the hackers posted 1 million lines of data online, followed by another million early Friday morning. While Odido confirmed that 6.2 million current and former customers were affected, ShinyHunters claims the actual number is closer to 21 million.
Details of the Data Theft
As the situation unfolds, the nature of the leaked data is becoming clearer. The compromised files reportedly include not only names and numbers but also sensitive information such as physical addresses, email accounts, and bank account details, including IBANs. Particularly alarming is the exposure of sensitive identification data, such as passport and driving license numbers.
Odido has emphasized that plaintext passwords were not included in the stolen data, countering claims made by the hackers. Additionally, the company reassured customers that billing information and actual identity document scans remain secure. Despite these reassurances, the potential for identity fraud among affected individuals is significant.
Odido’s Response and Support Measures
In light of the breach, Odido CEO Søren Abildgaard has taken a firm stance against the demands of the hackers. He stated that the company will “not negotiate with these criminals” or succumb to blackmail, a decision that has received full support from the Dutch national police. Cybercrime unit representative Stan Duijf advised victims of ransomware, emphasizing that paying the ransom could enable further attacks and does not guarantee the deletion of stolen data.
To assist customers impacted by this incident, Odido is offering a complimentary 24-month digital security package. This initiative is a crucial step in safeguarding those affected, as customers of Odido and its budget brand, Ben, are urged to remain vigilant against unexpected communications and links.
The implications of this data breach are significant, reflecting the ongoing challenges firms face in protecting customer information from cybercriminals. As businesses navigate the complexities of cybersecurity, the importance of robust data protection measures becomes increasingly evident.