Dutch Telecom Giant Faces Million-Euro Ransom Demand After Massive Customer Data Theft

2026-02-25 data

Amsterdam, Wednesday, 25 February 2026.
Notorious hacker group ShinyHunters has stolen personal information from up to 8 million Dutch telecom customers and set a Thursday deadline for over €1 million ransom payment. The breach affects one-third of the Netherlands’ population, with stolen data including bank details and passport numbers. This represents one of the largest telecommunications breaches in Dutch history, highlighting critical vulnerabilities in essential infrastructure protection.

Scale and Timeline of the Breach

The cyberattack occurred during the weekend of February 7-8, 2026, when hackers gained unauthorized access to Odido’s customer contact system [1][2]. Odido officially disclosed the breach on February 12, 2026, after discovering the intrusion [1]. The company initially reported that 6.2 million customers were affected [2][3], representing approximately one-third of the Netherlands’ population. However, the cybercriminal group ShinyHunters disputes this figure, claiming to have stolen data from 8 million customers totaling 21 million lines of data [1][2]. The discrepancy highlights the ongoing uncertainty about the true scope of this unprecedented breach in Dutch telecommunications history.

The Attackers and Their Methods

ShinyHunters, the cybercriminal group behind the attack, employed sophisticated social engineering techniques to breach Odido’s systems [8]. The hackers gained access by posing as IT colleagues to customer service staff, successfully stealing employee login credentials through this deceptive approach [8]. ShinyHunters has established itself as a prominent threat actor since emerging in 2020, having previously targeted major corporations including Microsoft, Ticketmaster, Jaguar, and Louis Vuitton [2][7]. The group gained particular notoriety in 2024 for allegedly stealing data from 560 million Ticketmaster customers and demanding $500,000 for 1.3 terabytes of information [2]. More recently, in December 2025, they compromised Pornhub, affecting 200 million premium accounts including 1.5 million Dutch users [7].

Stolen Data and Ransom Demands

The stolen data encompasses a comprehensive range of personal information, including names, addresses, phone numbers, email addresses, dates of birth, customer numbers, bank account numbers, and passport or driver’s license numbers with validity dates [2][3][8]. ShinyHunters claims to possess additional sensitive information, including customer passwords that appear to be verification codes used for telephone service changes [6]. The hackers have demanded a ransom described as ‘a low seven-figure amount’ - over €1 million - with a deadline of Thursday morning, February 26, 2026 [1][2][6]. In their threatening message on the dark web, the group stated: ‘This is your final warning. Otherwise, we will leak the data’ [1][6]. The criminals have also threatened ‘several annoying (digital) problems’ beyond data leakage if their demands are not met, though they have not specified whether this includes DDoS attacks or other cyber disruptions [1].

Corporate Response and Customer Protection

Odido, led by CEO Søren Abildgaard, has taken immediate action following the breach discovery [2]. The company closed the attackers’ access to its systems, implemented additional security measures, and notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) as required by law [2][3][4]. Odido has directly contacted affected customers via email and phone to inform them of the incident [3][4]. On Monday, February 17, 2026, the company announced it would provide customers with a free two-year subscription to security software for Windows, Mac, mobile phones, and tablets [8]. However, Odido has stated that a data breach does not automatically entitle customers to compensation [2]. The company maintains that its services have not been impacted by the incident and that no passwords, call records, or invoice data were compromised in the attack [3]. Notably, some former customers who ended their contracts 5-10 years ago received breach notifications, despite Odido’s stated 2-year data retention policy, which the company is currently investigating [2].

Bronnen

cybersecurity ransomware