ShinyHunters Claims Council of Europe Hack

Summary

Extortion group ShinyHunters claims to have breached the Council of Europe, exfiltrating over 297 GB of data. The stolen information allegedly includes employee personal details, payroll, CVs, and medical records. The group threatens to leak the data publicly if negotiations do not begin by June 16.

Full text

The notorious extortion group ShinyHunters claims to have hacked the Council of Europe and to have stolen nearly 300 gigabytes of data. Europe’s leading human rights organization and an official United Nations observer, the Council of Europe was founded in 1949 and includes 46 member states, including 27 European Union countries. On Sunday, ShinyHunters added the Council of Europe to its Tor-based leak site, threatening to release more than 297 GB of data allegedly stolen from the organization’s network. The hacking group says it exfiltrated over 429,000 files across various departments, including HR, Secretariat, Parliamentary Assembly, and the European Directorate for the Quality of Medicines & HealthCare. The files allegedly include the payroll data of more than 10,000 Council employees from 2011 to 2026, over 14,000 CVs, contract and purchase order records, absence and illness reports, bank account information, performance evaluations, and payroll exports. Additionally, the hacking group says the stolen data includes employee names, IDs, addresses, phone numbers, dates of birth, tax and social security information, and medical records.Advertisement. Scroll to continue reading. ShinyHunters says it will release the stolen data publicly if the Council of Europe does not contact it by June 16 to begin negotiations. The Council of Europe has yet to acknowledge the incident publicly. SecurityWeek has emailed the organization and will update this article if it responds. Since mid-2025, the extortion group has been linked to multiple high-profile intrusions, mainly targeting Salesforce customers, including Carnival, Canvas, Grafana, CarGurus, Panera Bread, and other incidents. Last week, Google confirmed that a new ShinyHunters campaign exploited a zero-day vulnerability in Oracle PeopleSoft, likely impacting 100 organizations. Related: Maine Disables Data Breach Portal Due to Fake Submissions Related: Iranian Cyber Group Handala Claims Cal Water Hack Related: 174,000 Impacted by Lansing Community College Data Breach Related: Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Iranian Cyber Group Handala Claims Cal Water HackIvanti Sentry Exploitation Attempts Hitting HoneypotsChrome 149 Update Patches 28 VulnerabilitiesCISA Directs Federal Agencies to Prioritize Security Patches Based on RiskHackers Exploit Langflow Vulnerability for Remote Code ExecutionSplunk, Palo Alto Networks Patch Severe Vulnerabilities‘GreatXML’ Zero-Day Exploit Bypasses BitLockerCyera Raises $600 Million at $12 Billion Valuation Latest News Ukrainian Man Pleads Guilty in US to Conti Ransomware ChargesOzempic Maker Novo Nordisk Says Hackers Breached IT SystemsFrench Government Messaging Platform Breached by Mysterious ‘Misere’ HackerFBI, Google Dismantle ‘Outsider Enterprise’ Phishing ServiceMaine Disables Data Breach Portal Due to Fake Submissions NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain AttacksAnthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export ControlsIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: How Modern Breaches Bypass MFA and Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation in the AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the MoveStephen Garcia has been named Chief Information Security Officer at BreachRx.Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.Chaim Mazal has been named Chief Information Security Officer at GitLab.More People On The MoveExpert Insights After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising the Cybersecurity Stakes: Ante up for the Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities