The telecommunications company Odido has announced it will not pay a ransom to the hackers who stole data from millions of customers earlier this month. According to NOS, the criminal group known as ShinyHunters has responded by publishing customers’ personal information on the dark web.
Ransom
While the exact volume of leaked information has not yet been confirmed, the hackers previously threatened to release 1 million lines of data, including addresses and phone numbers, every day until their demands were met. The group set a deadline for this afternoon, demanding an undisclosed sum to halt the leaks.
Odido has decided to ignore the demand. A company spokesperson told the NOS that the firm is following the advice of cybersecurity experts and government agencies by refusing to negotiate with the group. The company stated that its primary focus is now on customer safety and security.
According to the provider, the breach affected more than six million accounts. The stolen data includes names, home and email addresses, telephone numbers, dates of birth, bank account details, and identification numbers.
Compromised security and data
Recent evidence suggests the theft was more extensive than initially thought. NOS acknowledges in its article that the hackers shared data samples with NOS. The data revealed that notes from Odido’s customer contact system were compromised as well. These logs include sensitive details such as whether a customer is in debt, has a financial administrator, or has a history of poor behaviour. Odido admitted it previously did not know that criminals had stolen this additional information.
ShinyHunters, the group behind the attack, has a history of high-profile breaches, including rapine from Ticketmaster and Pornhub. While police and security experts generally advise against paying ransoms to prevent further extortion, many companies still choose to negotiate in secret. Odido, however, maintained in a formal statement that it will not give in to blackmail.
Other reports highlight the severe consequences of the breach, noting that the Public Prosecutor’s Office has launched a criminal investigation. This inquiry could lead to legal action if officials find that Odido failed to protect customer data. The impact is already felt across the Netherlands, as reports to the Central Identity Fraud Reporting Point (CMI) have more than doubled to nearly 600 cases. Although Odido is offering two years of security software as a remedy, experts argue that it cannot protect permanent data such as dates of birth. Consequently, the customers have the burden of security, who must now treat every digital interaction with heightened scepticism. Many customers are wary of this cyber espionage.
NEWS BRAINPORT
