Hackers publish 680,000 Odido customer records, demand ransom and threaten more releases

Hackers released stolen personal and financial information of hundreds of thousands of Odido customers on the dark web, following a ransom demand of more than 1 million euros. The cybercriminal group Shinyhunters warned that additional data could be published over the next 16 days if Odido does not pay. The group claims that it possesses information on more than 10 million current and former customers. The breach is among the largest ever reported in the Netherlands and has prompted a criminal investigation.

Shinyhunters published an initial dataset containing information on roughly 680,000 individuals, including former customers who have not held an Odido subscription for years, according to an analysis by RTL. Dutch broadcaster NOS said the leaked files also contain sensitive internal notes about financially vulnerable customers.

After releasing the data, the hackers posted a message to Odido saying, "You know how to find us. Our offer still stands, including for negotiation.”

The leaked material includes full names, home addresses, phone numbers, email addresses, and roughly 275,000 IBAN bank account numbers, which are highly valuable for fraud. It also contains customer service notes showing who received payment reminders or formal demands, sometimes with explanations, and whether customers have debt registrations, a court-appointed administrator, or were investigated for fraud. Some notes describe customers who behaved aggressively toward Odido store staff.

The files reportedly cover data on about 680,000 individuals and roughly 320,000 businesses. While the leak does not include passport, driver’s license, or ID card numbers, it identifies tens of thousands of people who were unable or unwilling to pay their bills. NOS reported that the leaked notes specifically highlight customers with payment problems, information considered especially sensitive because these individuals may be more susceptible to offers promising quick money.

Cybersecurity experts cited by Dutch media warned that paying ransomware does not guarantee stolen data will remain private, noting that once data is taken, it can appear in other leaks even after a payment is made. The Dutch Public Prosecution Service has launched a criminal investigation into the breach.

Earlier this month, Odido confirmed it suffered a massive cyberattack, stating that the data of at least 6.2 million customers was stolen. Affected customers have been notified by email and advised to monitor for suspicious messages.