CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Odido Data Breach Exposes 6.2 Million Customer Records

First reported
Last updated
2 unique sources, 3 articles

Summary

Hide ▲

Dutch telecommunications provider Odido suffered a cyberattack that exposed personal data of 6.2 million customers. The breach occurred in their customer contact system, but no passwords, call logs, or billing information were affected. The company detected the incident on February 7 and has since taken steps to secure their systems and notify affected customers. The exposed data includes full names, addresses, mobile numbers, customer numbers, email addresses, IBANs, dates of birth, and identification data. Odido has reported the breach to the Dutch Data Protection Authority and is working with external cybersecurity experts to mitigate the incident. The ShinyHunters extortion gang has claimed responsibility for the breach, stating they have stolen nearly 21 million records, including internal corporate data and plaintext passwords. Odido has denied these claims, asserting that no passwords or sensitive data were compromised.

Timeline

  1. 24.02.2026 13:40 1 articles · 23h ago

    ShinyHunters claims responsibility for Odido breach

    The ShinyHunters extortion gang has claimed responsibility for the Odido breach, stating they have stolen nearly 21 million records, including internal corporate data and plaintext passwords. Odido has denied these claims, asserting that no passwords or sensitive data were compromised. ShinyHunters has threatened Odido with a data leak and additional 'annoying (digital) problems' if their demands are not met.

    Show sources
    Open in new tab
  2. 12.02.2026 20:18 3 articles · 12d ago

    Odido Data Breach Exposes 6.2 Million Customer Records

    On February 7, Odido detected a cyberattack that breached their customer contact system, exposing personal data of 6.2 million customers. The company has since blocked unauthorized access, strengthened security controls, and reported the breach to the Dutch Data Protection Authority. Affected customers are being notified via email. The ShinyHunters extortion gang has claimed responsibility for the breach, stating they have stolen nearly 21 million records, including internal corporate data and plaintext passwords. Odido has denied these claims, asserting that no passwords or sensitive data were compromised.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Figure Fintech Breach Exposes 967,200 Accounts via Social Engineering

Figure Technology Solutions, a blockchain-based fintech firm, suffered a data breach affecting nearly 1 million accounts. Hackers stole personal and contact information through a social engineering attack. The breach was attributed to the ShinyHunters extortion group, which leaked 2.5GB of data from loan applicants. The attackers impersonated IT support to trick employees into providing access to SSO accounts, gaining entry to various enterprise applications.

Open in new tab

Grubhub Data Breach and Extortion Attempt by ShinyHunters

Grubhub confirmed a recent data breach where unauthorized individuals accessed and downloaded data from its systems. The company stated that sensitive information such as financial data or order history was not affected. However, sources indicate that the ShinyHunters cybercrime group is extorting Grubhub, demanding Bitcoin to prevent the release of stolen Salesforce and Zendesk data. The breach is believed to be connected to stolen credentials from the recent Salesloft Drift data theft attacks.

Open in new tab

SitusAMC Data Breach Exposes Client and Customer Information

SitusAMC, a real-estate finance services provider for major banks, disclosed a data breach on November 12, 2025, that compromised client and customer data. The breach impacted accounting records, legal agreements, and potentially customer data. The company is still investigating the extent of the breach and has not identified the attackers or the exact methods used. SitusAMC confirmed that no ransomware was deployed and business operations remain unaffected. The company is contacting affected clients and customers individually.

Open in new tab

ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage

Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.

Open in new tab

Renault and Dacia UK Customers Affected by Third-Party Data Breach

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Open in new tab