Council of Europe Probes ShinyHunters Breach Claim

Key Takeaways

• ShinyHunters claims to have stolen 429,000+ documents from the Council of Europe, including payroll records dating back to 2011
• The alleged breach exposes sensitive data for over 10,000 staff members, including bank details and medical records
• This attack is part of ShinyHunters' broader campaign targeting enterprise software vulnerabilities

The Council of Europe, the continent's oldest intergovernmental body, is investigating claims that the ShinyHunters extortion group stole hundreds of thousands of documents from its systems. The group posted the threat on its dark web leak site over the weekend and set a deadline of June 16, 2026 for the Council to respond.

The Council of Europe represents 46 European member states and more than 700 million people. It focuses on promoting human rights, democracy, and the rule of law across Europe.

“We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage.”

— Council of Europe Media Department

What ShinyHunters Claims to Have Stolen

According to the group's leak site post, the allegedly stolen data includes more than 409,000 payslips for over 10,000 staff members. These records span from 2011 to 2026. The haul also reportedly includes more than 3,700 in-house personnel files, over 14,000 CVs, and other internal documents.

The stolen files reportedly contain sensitive personal and financial information. This includes names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, tax information, Social Security numbers, and medical records.

ShinyHunters issued a direct warning in their post: "This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way."

ShinyHunters' Growing Track Record

This alleged attack fits a pattern. Over the past year, ShinyHunters has claimed responsibility for breaches affecting hundreds of organizations worldwide. The group targeted Salesforce customers through Aura and Salesloft Drift campaigns, claiming to have stolen more than 1.5 billion records.

They were also linked to attacks against more than a dozen Snowflake customers and other third-party integration providers. Last week, ShinyHunters claimed a new data theft campaign that breached over 100 organizations after exploiting a zero-day vulnerability in Oracle's PeopleSoft enterprise software. The University of Nottingham was among the victims.

Why This Attack Matters

The Council of Europe is not a typical corporate target. As an intergovernmental body focused on human rights and rule of law, a breach of its employee data carries political and diplomatic weight beyond the financial exposure.

Discussion on r/cybersecurity and HackerNews has highlighted concern about the potential exposure of medical and HR records for civil servants. Many observers have noted that ShinyHunters has shifted from simple data theft to direct, time-sensitive extortion of international government bodies.

The breach, if confirmed, would expose employees to identity theft, financial fraud, and potential targeted attacks. Medical records and bank details in the wrong hands create long-term risks that extend far beyond the initial incident.

What Happens Next

The June 16 deadline has passed, but as of publication, there is no confirmation that ShinyHunters has followed through on their threat to release the data. The Council of Europe has not provided additional details about the scope of their investigation or whether any systems were compromised.

Organizations that work with or exchange data with the Council of Europe should monitor for any signs of secondary exposure. Staff members whose data may have been compromised should watch for phishing attempts and unusual account activity.

Frequently Asked Questions

Who is ShinyHunters?

ShinyHunters is a cybercrime extortion group known for large-scale data theft campaigns. They have targeted organizations through vulnerabilities in enterprise software platforms like Salesforce, Snowflake, and Oracle PeopleSoft.

What data was allegedly stolen from the Council of Europe?

ShinyHunters claims to have stolen over 429,000 documents including 409,000+ payslips, 3,700 personnel files, and 14,000 CVs. The data reportedly contains names, addresses, bank details, tax information, and medical records for more than 10,000 staff.

Has the Council of Europe confirmed the breach?

No. The Council has only stated they are investigating the matter and assessing the situation. They have not confirmed or denied that any data was stolen.

What is the Council of Europe?

The Council of Europe is an intergovernmental organization representing 46 European member states and over 700 million people. It promotes human rights, democracy, and the rule of law. It is separate from the European Union.

How did ShinyHunters allegedly gain access?

The exact method has not been disclosed. However, ShinyHunters has a pattern of exploiting zero-day vulnerabilities in enterprise software platforms to breach organizational networks.

Source: BleepingComputer