The cybercrime group ShinyHunters has posted messages online claiming responsibility for a data theft linked to the recent security breach at Dutch telecommunications provider Odido Netherlands. The group said it obtained personal information belonging to millions of Odido customers and threatened to release the data if a ransom was not paid.
ShinyHunters published screenshots on a public hacking forum that it said show parts of the stolen dataset. The posted images included lists of fields that the group claimed were taken during the incident, such as names, dates of birth, telephone numbers, addresses, and government identification numbers. The threat actor said it would publish the full dataset unless Odido paid a ransom demand. The amount of the ransom has not been disclosed.
Odido confirmed in earlier statements that more than 6.2 million customer records had been compromised in a cyberattack discovered in February 2026. The company said the attackers extracted customer names, contact details, and other personal information, but that passwords and sensitive operational data were not taken. Company officials notified affected customers and reported the incident to the Dutch privacy regulator, Autoriteit Persoonsgegevens.
In response to ShinyHunters’ online postings, Odido reiterated that it was investigating the situation and working with law enforcement and cybersecurity partners. The telecom provider said it would not give in to ransom demands and continued to advise customers to be vigilant for phishing attempts or other scams that might exploit exposed information. Odido also said it had strengthened monitoring and security controls following the breach.
Cybersecurity analysts noted that groups such as ShinyHunters often seek to increase leverage by threatening to release stolen data publicly. They said posting sample data and ransom demands on forums is a common tactic used to pressure victims into negotiation. Analysts also said that the risk of wider distribution of stolen personal information can persist even if a ransom is refused.
As of the time of reporting, ShinyHunters had not published the full dataset it claimed to hold, and no independent verification of the authenticity of the posted samples had been released. Odido said it would provide updates if further information became available. The company continued to monitor for signs of misuse of customer data and urged individuals to review account activity and report suspicious contacts to authorities.