Council of Europe Probes ShinyHunters Breach Claim
Key Takeaways
- ShinyHunters claims to have stolen 429,000+ documents from the Council of Europe, including payroll records dating back to 2011
- The alleged breach exposes sensitive data for over 10,000 staff members, including bank details and medical records
- This attack is part of ShinyHunters' broader campaign targeting enterprise software vulnerabilities
The Council of Europe, the continent's oldest intergovernmental body, is investigating claims that the ShinyHunters extortion group stole hundreds of thousands of documents from its systems. The group posted the threat on its dark web leak site over the weekend and set a deadline of June 16, 2026 for the Council to respond.
The Council of Europe represents 46 European member states and more than 700 million people. It focuses on promoting human rights, democracy, and the rule of law across Europe.
“We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage.”
— Council of Europe Media Department
What ShinyHunters Claims to Have Stolen
According to the group's leak site post, the allegedly stolen data includes more than 409,000 payslips for over 10,000 staff members. These records span from 2011 to 2026. The haul also reportedly includes more than 3,700 in-house personnel files, over 14,000 CVs, and other internal documents.
The stolen files reportedly contain sensitive personal and financial information. This includes names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, tax information, Social Security numbers, and medical records.
ShinyHunters issued a direct warning in their post: "This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way."
ShinyHunters' Growing Track Record
This alleged attack fits a pattern. Over the past year, ShinyHunters has claimed responsibility for breaches affecting hundreds of organizations worldwide. The group targeted Salesforce customers through Aura and Salesloft Drift campaigns, claiming to have stolen more than 1.5 billion records.
They were also linked to attacks against more than a dozen Snowflake customers and other third-party integration providers. Last week, ShinyHunters claimed a new data theft campaign that breached over 100 organizations after exploiting a zero-day vulnerability in Oracle's PeopleSoft enterprise software. The University of Nottingham was among the victims.
Why This Attack Matters
The Council of Europe is not a typical corporate target. As an intergovernmental body focused on human rights and rule of law, a breach of its employee data carries political and diplomatic weight beyond the financial exposure.
Discussion on r/cybersecurity and HackerNews has highlighted concern about the potential exposure of medical and HR records for civil servants. Many observers have noted that ShinyHunters has shifted from simple data theft to direct, time-sensitive extortion of international government bodies.
The breach, if confirmed, would expose employees to identity theft, financial fraud, and potential targeted attacks. Medical records and bank details in the wrong hands create long-term risks that extend far beyond the initial incident.
Logicity's Take
What Happens Next
The June 16 deadline has passed, but as of publication, there is no confirmation that ShinyHunters has followed through on their threat to release the data. The Council of Europe has not provided additional details about the scope of their investigation or whether any systems were compromised.
Organizations that work with or exchange data with the Council of Europe should monitor for any signs of secondary exposure. Staff members whose data may have been compromised should watch for phishing attempts and unusual account activity.
Another case of prolonged, undetected data exfiltration from a high-value institutional target
Frequently Asked Questions
Who is ShinyHunters?
ShinyHunters is a cybercrime extortion group known for large-scale data theft campaigns. They have targeted organizations through vulnerabilities in enterprise software platforms like Salesforce, Snowflake, and Oracle PeopleSoft.
What data was allegedly stolen from the Council of Europe?
ShinyHunters claims to have stolen over 429,000 documents including 409,000+ payslips, 3,700 personnel files, and 14,000 CVs. The data reportedly contains names, addresses, bank details, tax information, and medical records for more than 10,000 staff.
Has the Council of Europe confirmed the breach?
No. The Council has only stated they are investigating the matter and assessing the situation. They have not confirmed or denied that any data was stolen.
What is the Council of Europe?
The Council of Europe is an intergovernmental organization representing 46 European member states and over 700 million people. It promotes human rights, democracy, and the rule of law. It is separate from the European Union.
How did ShinyHunters allegedly gain access?
The exact method has not been disclosed. However, ShinyHunters has a pattern of exploiting zero-day vulnerabilities in enterprise software platforms to breach organizational networks.
Need Help Implementing This?
Source: BleepingComputer
Huma Shazia
Senior AI & Tech Writer
Related Articles
Browse all
Kraken Crypto Exchange Extortion: Hackers Threaten to Leak Internal Videos After Insider Breach
Cryptocurrency exchange Kraken is being extorted by hackers who obtained videos of internal systems through bribed support employees. The company says no funds were compromised and refuses to pay, with only about 2,000 accounts affected. Kraken is working with federal law enforcement to prosecute everyone involved.
Windows 11 KB5083769 and KB5082052: April 2026 Patch Tuesday Brings Smart App Control Changes and Security Fixes
Microsoft's April 2026 Patch Tuesday updates are now live for Windows 11, bringing critical security patches alongside a welcome change to Smart App Control. You can finally toggle SAC on or off without wiping your entire system. The updates cover versions 23H2, 24H2, and 25H2.
Zero Trust Identity Security: 5 Ways This Framework Actually Stops Credential Theft
Stolen credentials caused 22% of breaches in 2025, making them the top attack vector. Zero Trust promises to fix this, but only when it's built around identity as the core principle. Here's how organizations can implement it properly.
Open Source PR Backlogs: Why Your GitHub Contribution Sits Unreviewed for a Year
A developer's Jellyfin pull request has been waiting over a year for merge despite two approvals, exposing a systemic crisis in open source maintenance. Queuing theory explains why backlogs grow exponentially, and 60% of maintainers have quit or considered quitting due to burnout.
Also Read
OptinMonster WordPress Plugin Hacked in CDN Supply-Chain Attack
Hackers compromised Awesome Motive's CDN to inject malicious code into OptinMonster, TrustPulse, and PushEngage plugins. The attack affected up to 1.2 million WordPress sites and created rogue admin accounts with full backdoor access before being detected.
Cisco Patches SD-WAN Zero-Day Already Exploited in Attacks
Cisco has fixed a vulnerability in Catalyst SD-WAN Manager that attackers were already using to gain root access on enterprise networks. The flaw affects all deployment types, including cloud and on-prem installations. Security teams should patch immediately and check logs for indicators of compromise.
5 Travel Gadgets Under $50 That Solve Real Problems
A tech journalist who logs thousands of air miles annually shares five affordable gadgets that address the most common travel frustrations. From USB-A cables for in-flight charging to vacuum bags for carry-on space, these picks prioritize function over flash.