SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

ShinyHunters Claims Council of Europe Hack

The extortion group threatens to leak 297 GB of data allegedly stolen from the Council of Europe, including employee personal information.
European Union (EU)

The notorious extortion group ShinyHunters claims to have hacked the Council of Europe and to have stolen nearly 300 gigabytes of data.

Europe’s leading human rights organization and an official United Nations observer, the Council of Europe was founded in 1949 and includes 46 member states, including 27 European Union countries.

On Sunday, ShinyHunters added the Council of Europe to its Tor-based leak site, threatening to release more than 297 GB of data allegedly stolen from the organization’s network.

The hacking group says it exfiltrated over 429,000 files across various departments, including HR, Secretariat, Parliamentary Assembly, and the European Directorate for the Quality of Medicines & HealthCare.

The files allegedly include the payroll data of more than 10,000 Council employees from 2011 to 2026, over 14,000 CVs, contract and purchase order records, absence and illness reports, bank account information, performance evaluations, and payroll exports.

Additionally, the hacking group says the stolen data includes employee names, IDs, addresses, phone numbers, dates of birth, tax and social security information, and medical records.

Advertisement. Scroll to continue reading.

ShinyHunters says it will release the stolen data publicly if the Council of Europe does not contact it by June 16 to begin negotiations.

“We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage,” the Council of Europe said, responding to a SecurityWeek inquiry.

Since mid-2025, the extortion group has been linked to multiple high-profile intrusions, mainly targeting Salesforce customers, including Carnival, Canvas, Grafana, CarGurus, Panera Bread, and other incidents.

Last week, Google confirmed that a new ShinyHunters campaign exploited a zero-day vulnerability in Oracle PeopleSoft, likely impacting 100 organizations.

*Updated with statement from the Council of Europe.

Related: Maine Disables Data Breach Portal Due to Fake Submissions

Related: Iranian Cyber Group Handala Claims Cal Water Hack

Related: 174,000 Impacted by Lansing Community College Data Breach

Related: Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

SolarWinds has appointed Justin Henkel as Chief Information Security Officer.

J. Paul Haynes has joined Cinchy as Chief Executive Officer.

Hatem Naguib has become Chief Executive Officer at Sysdig.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.