Overview
- Hackers linked to ShinyHunters posted a second batch of roughly one million additional records after Odido refused to pay a ransom reportedly between €500,000 and €1 million.
- The criminals say they plan further releases this weekend, including up to two million records per day, increasing pressure on the telecom provider.
- Odido has said data from about 6.2 million accounts was stolen, and only a portion has been published so far following an initial leak affecting hundreds of thousands of customers.
- RTL Nieuws found multiple BSNs in the published files, mainly tied to current or former self‑employed customers whose older VAT numbers contained their BSN, contradicting Odido’s earlier claim that it did not store BSNs.
- Authorities and specialists warn the BSN cannot be changed, advise heightened caution for targeted phishing, and note current guidance does not call for replacing passports or ID cards.