SHINYHUNTERS has claimed responsibility for breaching the Council of Europe, saying it exfiltrated close to 300 gigabytes of data and threatening to publish it unless the organisation begins negotiations by 16 June (according to SecurityWeek). The Council has not yet confirmed or denied the intrusion.
The stolen archive reportedly contains more than 429,000 files, including over 409,000 payslips, about 14,000 curriculum vitae and roughly 3,700 internal human resources documents (as detailed by DataBreaches.net). These records span from 2011 to the present and expose personal identification numbers, salary details and bank account information for more than 10,000 individuals linked to the institution.
ShinyHunters has previously targeted major companies, including clients of Salesforce, and has been linked to the exploitation of a zero‑day flaw in Oracle PeopleSoft. The group’s tactics often involve stealing large volumes of data and then using the threat of publication to extort payment.
As of mid‑June there is no public evidence that the Council of Europe has taken any remedial action or acknowledged the breach, leaving the validity of the claim under investigation. Security researchers advise treating the claim as credible until proven otherwise, given the group’s track record of accurate disclosures.
Organisations that hold similar HR or payroll data should immediately review access logs for unusual download activity and enforce multi‑factor authentication on all privileged accounts. They should also consider resetting passwords for any accounts that may have been exposed and monitor dark‑web forums for signs that the alleged 300 GB archive is being offered for sale. Finally, incident response teams should update their communication plans to include a clear stance on whether they will engage with extortionists.
Law‑enforcement agencies should be notified promptly, and any decision to negotiate must be weighed against the risk of encouraging further attacks. Maintaining offline, encrypted backups of critical records remains the most reliable defence against data‑loss extortion schemes.