The ShinyHunters cybercriminal group has started publishing customer records it claims were stolen from Dutch telecommunications provider Odido after the company declined to pay a ransom, according to multiple reports. ShinyHunters posted a dataset on a dark web blog on February 27, 2026, that it said contained about 2 million lines of Odido customer records. Reports from Dutch media and cybersecurity sources say hackers are releasing data in stages and have threatened to post additional records daily unless Odido meets their demands.
Odido, formerly part of T-Mobile Netherlands, confirmed earlier in February that it suffered a cyberattack affecting its customer contact system, which it said resulted in unauthorized access to personal data for about 6.2 million customers. The company said it blocked further access and was working with external cybersecurity experts, but it had not initially said that the data was being published online. Reports indicate hackers claimed to have data for up to 8 million people, including names, phone numbers, and other personal information.
ShinyHunters issued an initial threat in late February demanding payment of a ransom exceeding €1 million and warning that customer data would be published if Odido did not comply. When Odido rejected negotiations and said it would not pay the ransom, the group proceeded to make portions of the allegedly stolen dataset public. Dutch broadcaster NOS reported that Odido’s refusal followed advice from cybersecurity consultants and national police.
Cybersecurity researchers analysing the published data say some entries include full names and contact details, while other lines appear incomplete or duplicated. It was not immediately clear whether all released records represent active customers or “clean” verified data. The attackers have used their regular dark web victim blog to post the data and warn of further releases.
Odido’s breach comes on the heels of a wider incident in early February 2026, when the company disclosed that attackers had accessed its customer relationship management system. The company said that passwords, call logs, and billing information were not affected, but that names, addresses, email addresses, and account identifiers may have been included. At the time of the breach announcement, Odido reported it was investigating the incident and notifying impacted customers.
The ongoing publication of the data reflects a broader pattern in which ransomware and extortion groups pressure organisations through staged leaks when ransom demands are rejected. ShinyHunters has made similar claims against other organisations, and it is known for listing alleged victims on dark web forums or blogs.
As of the latest reports, Odido had not disclosed any updates on negotiations or a change in stance regarding the ransom demand. The company’s priority, according to statements cited by Dutch media, remains securing its systems and protecting customers’ information in the aftermath of the breach.
Site Disclaimer
2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.
The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.