ShinyHunters Claims Council of Europe Hack

The cyber extortion group ShinyHunters claims to have breached the Council of Europe, Europe’s leading human rights organization and a UN observer with 46 member states. The group posted on its Tor-based leak site, alleging the theft of over 297 GB of data, including 429,000 files from departments like HR, Secretariat, and the Parliamentary Assembly. The stolen data reportedly includes payroll records for over 10,000 employees spanning 2011–2026, along with CVs, contracts, bank details, performance evaluations, and medical records. ShinyHunters also claims to have exfiltrated sensitive personal information, such as names, IDs, addresses, phone numbers, dates of birth, tax data, and social security numbers. The group has demanded the Council of Europe contact them by June 16 to negotiate, threatening to publicly release the data if no response is received. The Council of Europe has not issued a public statement regarding the incident, despite repeated high-profile attacks by ShinyHunters since mid-2025. ShinyHunters has previously targeted Salesforce customers, including Carnival, Canvas, Grafana, CarGurus, and Panera Bread. Last week, Google confirmed the group exploited a zero-day vulnerability in Oracle PeopleSoft, potentially affecting 100 organizations. This follows a pattern of escalating cyber extortion campaigns, with ShinyHunters leveraging stolen data to pressure victims into negotiations. The Council of Europe’s silence raises concerns about the scale of the breach and its potential impact on employees and operations.