429,000 documents. 409,000 payslips. 10,000+ staff. That is the haul ShinyHunters claims to have taken from the Council of Europe, the intergovernmental body representing 46 European states and 700 million people.
What ShinyHunters Actually Stole
According to the post on their dark web leak site, the stolen trove includes payslips dating from 2011 to 2026 for more than 10,000 employees, plus over 3,700 in-house personnel files, more than 14,000 CVs, and other internal documents. The data reportedly contains names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, tax and Social Security information, and medical records. That is a complete HR identity package for a major international organization.
The group threatened to leak everything on Tuesday, June 16, unless the Council reached out. Their post read: "This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way."
Why This Breach Hits Different
The Council of Europe is not a typical corporate target. It enforces the European Convention on Human Rights and oversees the European Court of Human Rights. Breaching its payroll systems exposes not just financial data but the personal details of diplomats, lawyers, and staff who operate at the intersection of law and policy across the continent. The downstream risk for targeted phishing or blackmail against these individuals is severe.
When BleepingComputer asked for confirmation, the Council's media department said: "We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage." That is standard post-breach language, but the absence of a denial suggests the claims have merit.
ShinyHunters' Busy Year
This crew has been on a tear. Over the past year they claimed attacks on Salesforce customers involving 1.5 billion records in the Aura and Salesloft Drift campaigns, hit Snowflake customers repeatedly, and just last week claimed to have exploited a zero-day in Oracle's PeopleSoft to breach over 100 organizations, including the University of Nottingham.
ShinyHunters has moved from opportunistic data theft to systematic targeting of enterprise HR and CRM platforms. The Council of Europe breach, if confirmed, would be one of the most sensitive intergovernmental intrusions in recent memory. Whether the leak happens on Tuesday or not, the signal is clear: this group is not going away, and your organization's PeopleSoft instance might already be on their list.
Source: Council of Europe investigates ShinyHunters data breach claims
Domain: bleepingcomputer.com