The cybercriminal group ShinyHunters has claimed responsibility for a large-scale data breach targeting the Council of Europe. According to the group, the incident involves personal and payroll data belonging to around 10,000 employees.
ShinyHunters has listed the Council of Europe on its dark web leak site, alleging it gained access to the organization’s HR and payroll systems. The attackers claim to have exfiltrated approximately 297 gigabytes of data, corresponding to more than 429,000 individual files.
The Council of Europe is an international organization representing 46 member states, focused on human rights, democracy, and the rule of law. It is not part of the European Union, although both institutions share the same flag. As of now, there has been no official confirmation of the incident from the organization.
Alleged Scope of the Data Leak
The hackers provided a detailed breakdown of the purportedly stolen material. According to their claims, the dataset includes around 409,000 payslips covering more than 10,000 employees over the past 15 years. It also allegedly contains over 14,000 CVs, around 3,700 personnel files, and approximately 10,700 additional documents.
In their disclosure, the attackers stated that the data includes “contract and procurement records, travel overpayment logs, interpreter scheduling data, 2026 salary tables, Blue List duty rosters, absence and sick leave reports, bank account and URSSAF payroll data, performance evaluations, and payroll exports.”
Severe Risk for Affected Employees
Cybersecurity researchers at Cybernews warn that the exposed data could pose significant risks to affected individuals. The breadth of information allows for the creation of highly detailed personal profiles that could be exploited for criminal purposes.
The potentially compromised data includes:
- Full names and employee identification numbers
- Home addresses and phone numbers
- Dates of birth and salary levels
- Banking details and tax information
- Social security data and medical records
Experts note that the combination of financial, personal, and health-related data significantly increases the risk of extortion, identity theft, and financial fraud. Given that Council of Europe staff may be involved in sensitive human rights work, there is also concern that such data could be used for targeted pressure or coercion.
Security analysts expect the first wave of attacks to involve phishing emails and phone scams, with attackers impersonating HR departments or financial institutions.
ShinyHunters’ Ongoing Cybercrime Campaign
The ShinyHunters group has been active since 2019 and is known for high-profile breaches of major corporations and institutions. Just last week, the group claimed responsibility for attacks on Ralph Lauren, Madison Square Garden Sports, and JCPenney.
In March 2026, the group also alleged a breach of the European Commission, claiming the theft of around 350 gigabytes of data.
Security researchers link ShinyHunters to a broader cybercriminal ecosystem that includes groups such as Scattered Spider and Lapsus$. Despite arrests in Canada, France, Turkey, and Finland, the collective’s activity has continued.
(ll)