Dutch telecom firm Odido has continued to refuse to pay money to the ShinyHunters hacker group. The group then decided to put all the data from the major hack online. This includes name and address details, as well as email addresses, social security numbers, ID cards, and sensitive personal information.
ShinyHunters had already started posting batches of customer data online. They planned to continue doing so every day until all the data was online. However, last weekend, the hacker collective published all the remaining data in one go. According to the NOS, this involves data from more than 6.5 million people and 600,000 companies.
Whereas it was previously thought that only name and address details were involved, this is certainly not the case. Social security numbers and copies of identity documents have also been stolen. But that’s not all: sensitive customer information has been stolen and is now published.
It is unknown why ShinyHunters decided to publish all the remaining data online at once. It is likely related to the ransom demand, which Odido consistently refused to pay. The group’s website states that “recent developments” have led to the remaining customer data being published in a single batch.
The large batch of data now online also includes “just over 5 million unique ID documents,” including driver’s licenses and passports. The birth dates of Odido customers and information about administrators can also be found online, as well as many residence permits for diplomats. ShinyHunters says it has stolen even more data, but will not publish it because it is not relevant.
Largest data breach ever in the Netherlands
The hack at the provider is (one of) the largest in the Netherlands and is the result of phishing. This is how the malicious parties gained access to the Odido environment and stole millions of records undisturbed. At the end of February, news broke that the hacker collective ShinyHunters was behind the cyberattack and had also demanded a ransom. A week later, all the stolen information was posted online.
This hack could have major consequences for many people, as their personal data is now publicly available. Odido, among others, is calling on customers to be extra vigilant in the coming months regarding incoming emails, phone calls, and messages from all kinds of organizations. Criminals could use the published data to cause even more harm. The Public Prosecution Service has also launched an investigation into the hack at the provider.