Hackers publish full cache of stolen Odido customer data after ransom refusal

Hackers linked to the group ShinyHunters have published what appears to be the full remaining cache of stolen customer data from Dutch telecom provider Odido, marking the fourth consecutive day that data from the breach has been posted online, NOS reports.

The release follows Odido’s decision last week not to pay ransom demands and comes after earlier partial disclosures of stolen information. The breach involves personal data tied to millions of current and former customers, as well as hundreds of thousands of businesses.

According to an analysis by NOS, the newly published dataset contains information on more than 6.5 million individuals and about 600,000 companies. The data includes slightly more than 5 million unique identification documents, such as driver’s licenses and passports, as well as residence permits, including those belonging to diplomats.

The published files also contain dates of birth, phone numbers and email addresses. For about 71,000 people, the dataset includes the email address of a court-appointed administrator or another caregiver.

The file released Sunday also incorporates all data that had been disclosed in the three previous releases. However, some sensitive information that appeared in the first two datasets is missing. Bank account numbers and internal customer service notes are not included in the latest release. Those notes contained details such as whether customers had debts or had exhibited misconduct.

The hackers said they are deliberately withholding that information. “Those are not relevant,” the group claimed, while simultaneously stating that the data would be kept “for own use.”

On their dark web site, the hackers said that “recent developments” prompted them to publish the remaining customer data all at once rather than continuing to release it in stages to sustain public attention. They declined to explain what those developments were when asked by NOS.

The cybercriminals broke into Odido’s systems in early February, stealing personal data linked to at least 6.2 million accounts belonging to both current and former customers. The stolen information included names, addresses, bank account numbers and identification document numbers.

Last week, ShinyHunters demanded ransom from Odido to prevent publication of the data. The initial demand was about 1 million euros, later reduced to 500,000 euros. Odido publicly refused to pay, saying it would “not allow itself to be blackmailed,” citing advice from police and cybersecurity firms.

Since Odido announced that decision Thursday, the hackers have released data daily. On Sunday, they repeated their earlier warning and renewed their demand for payment. “Make the right decision, don’t be the next newspaper headline and pay the ransom,” the group said.