A notorious cybercrime group claiming to be ShinyHunters has asserted responsibility for a major data breach at Dutch telecommunications firm Odido, threatening to publish millions of customer records unless a ransom is paid.

According to posts on dark web leak forums attributed to the gang, attackers exfiltrated up to 21 million records linked to Odido and its virtual operator Ben NL, far outstripping the roughly 6.2 million customer records the company previously acknowledged were compromised.

The threat actors have reportedly demanded over €1 million in ransom by February 26 to prevent the public release of stolen data — which they claim includes highly sensitive information such as full names, addresses, email addresses, plain-text passwords, IBAN details and passport numbers. Analysts warn that such data could fuel widespread identity theft or targeted social engineering attacks.

Odido confirmed earlier this month that a breach occurred in early February when hackers accessed its customer contact systems, affecting millions of users’ personal information. The company says it has reported the incident to Dutch data authorities and is investigating, although it has not publicly attributed the attack to ShinyHunters.

ShinyHunters, active since 2019, is known for high-profile extortion campaigns against global companies — often threatening to leak stolen data if ransom demands are unmet. This latest claim adds to a string of alleged breaches affecting brands across industries in recent months.