Bleeping Computer reports:
The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems.
Odido is one of the largest telecommunications companies in the Netherlands and offers mobile, broadband, and television services to millions of customers nationwide.
The company disclosed the breach on February 12, revealing that attackers downloaded the personal data of many of its users after gaining access to its customer contact system on February 7. However, Odido added that no Mijn Odido passwords, call details, location, data, billing data, or scans of identity documents were exposed during the incident.
According to the telecom firm, the exposed information varies per customer and may include a combination of full name, address and city of residence, mobile number, customer number, email address, IBAN (bank account number), date of birth, and some identification details (passport or driver’s license number and validity).
Read more at Bleeping Computer.
The telecom and ShinyHunters have issued conflicting claims on some points. From the telecom’s early disclosure of the incident and statements. The criminals’ “final warning” on their darkweb leak site suggests that the telecom will not be paying any extortion demand, even though they have been threatened with having all of the data leaked “along with several annoying (digital) problems that’ll come your way.”
