Council of Europe Probes ShinyHunters Breach Claims
▼ Summary
– The Council of Europe is investigating claims by the ShinyHunters extortion group of a data breach involving stolen HR and payroll data.
– ShinyHunters claims to have stolen over 429,000 documents, including payslips and personnel files, from multiple Council of Europe departments.
– The stolen files allegedly contain personal and financial data such as names, addresses, salaries, bank details, and medical records.
– ShinyHunters threatened to leak the data on June 16, 2026, unless the Council contacts them before that deadline.
– ShinyHunters has also claimed recent attacks on Salesforce, Snowflake, and over 100 organizations via an Oracle PeopleSoft zero-day.
The Council of Europe, recognized as the continent’s oldest intergovernmental institution, is actively investigating claims of a major data breach allegedly carried out by the ShinyHunters extortion group over the past weekend. As Europe’s foremost human rights organization, the Council represents 46 member states and more than 700 million people, championing democracy and the rule of law across the region.
When BleepingComputer reached out for confirmation, the Council of Europe’s media team stated that the organization is examining the situation but could not provide additional details at this time. “We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage,” the Council said in a statement.
On their dark web leak site, ShinyHunters posted a claim that they had stolen over 429,000 documents containing HR and payroll data from multiple Council departments. The group threatened to release the allegedly exfiltrated files by Tuesday, issuing what they called a final warning. “This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that’ll come your way,” they wrote.
According to the group, the stolen data includes more than 409,000 payslips for over 10,000 employees, spanning from 2011 to 2026. They also claimed to have accessed over 3,700 internal personnel files, more than 14,000 CVs, and other documents. The compromised information reportedly contains a broad spectrum of personal and financial details, including names, dates of birth, home addresses, phone numbers, employee IDs, salary records, bank account numbers, tax and Social Security data, and medical records.
Over the past year, ShinyHunters has been linked to a series of high-profile cyberattacks. They previously claimed to have stolen more than 1.5 billion records from Salesforce customers, targeting hundreds of organizations worldwide through Salesforce Aura and Salesloft Drift campaigns. The group was also connected to breaches affecting over a dozen Snowflake customers and other third-party integration providers.
Just last week, the extortion group took responsibility for a new data theft campaign that compromised over 100 organizations, including the University of Nottingham. That attack exploited a zero-day vulnerability in Oracle’s PeopleSoft enterprise business software suite, further underscoring the group’s persistent and evolving threat landscape.
(Source: BleepingComputer)
