Following a massive cyberattack on the customer service database of telecom company Odido, the hacker group responsible has begun publishing stolen data on the dark web, according to local broadcaster RTL. The cybercriminal group Shinyhunters had attempted to extort ransom from the company, but Odido firmly refused to make any payment, after which the data leakage campaign began.
6.2M Customers’ Data Including Bank Details Exposed
The company stated that approximately 6.2 million customers were affected by the cyberattack, although the hacker group claims that more than 10 million people were impacted. The first phase of the data released on the dark web reportedly contains information related to about 430,000 individuals and 290,000 companies. The leaked records include names, addresses, phone numbers, email IDs, and bank account details.
275K Bank Accounts at Risk of Financial Fraud
Reports also revealed that hackers published around 275,000 bank account numbers, which could be exploited by cybercrime networks for financial fraud. Experts warned that the public exposure of banking information significantly increases the risk of online fraud and identity theft. The leaked database also contained customer service staff comments, including notes related to customers’ financial status, unpaid bills, and behavioural observations.
FCRF Launches Flagship Certified Fraud Investigator (CFI) Program
Health Data and Death Records Among Leaked Info
A particularly concerning aspect of the breach is that the database reportedly contained sensitive health-related information and records linked to some customers’ deaths. The company clarified that this data was originally stored in its customer service system but was illegally accessed and released after the cyberattack. Security experts believe such sensitive information could be misused to cause both social and financial harm.
Odido Rejects Ransom, Activates Countermeasures
Odido said it is working with cybersecurity advisers and government authorities to develop further response strategies. The company strongly emphasized that it will not negotiate with or submit to blackmail demands from hacker groups. In an official statement, Odido confirmed that it would not engage with the criminals and would continue legal and technical countermeasures.
At present, there is no legal mechanism for customers to verify whether their personal data has been published on the dark web. This has created anxiety among potentially affected users, as the leaked information could be used for various types of financial scams. Cybersecurity specialists advise customers to closely monitor their bank account activities and immediately report any suspicious transactions.
Shinyhunters Threatens More Data in 16 Days
The hacker group has threatened to release more data within the next 16 days if their demands are not met. This warning has also raised concerns among cybersecurity agencies. Government authorities and security consultants are investigating the incident and working on strategies to minimize potential risks.
In the digital era, cybercrime is becoming increasingly sophisticated, creating serious security challenges for telecom and financial companies. Experts say that stronger encryption, regular security audits, and international cooperation are essential measures to prevent such attacks in the future. Investigative agencies are currently examining the technical and criminal aspects of the cyberattack.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
