A notorious cybercrime group has claimed responsibility for a major breach of the Council of Europe, alleging it stole hundreds of gigabytes of sensitive employee and payroll data.
Quick Summary – TLDR:
- ShinyHunters claims it breached the Council of Europe and stole more than 297GB of data.
- The group alleges it exfiltrated over 429,000 files, including HR, payroll, and employee records.
- Sensitive information reportedly includes bank details, medical records, salaries, and personal identifiers.
- The Council of Europe had not publicly confirmed the incident at the time of reporting.
What Happened?
The cybercriminal group ShinyHunters has added the Council of Europe to its dark web leak site, claiming it gained access to the organization’s internal systems and stole a massive amount of sensitive information. The group is threatening to release the data publicly unless the organization enters negotiations before a stated deadline.
According to the attackers, the breach exposed a wide range of employee, payroll, and administrative records spanning multiple departments across the organization.
🚨 The Council of Europe has allegedly been breached. Over 297 GB of HR and payroll data, more than 429,000 files, has been compromised.
— International Cyber Digest (@IntCyberDigest) June 14, 2026
It marks the second major hit on European institutions this year. In March, the EU Commission, ENISA, and the Directorate-General for Digital… pic.twitter.com/rCsfs77j5u
Hackers Claim Theft of Nearly 300GB of Data
ShinyHunters says it obtained more than 297GB of data containing over 429,000 files from the Council of Europe. The organization, founded in 1949, represents 46 European nations and serves as one of the continent’s leading institutions focused on human rights, democracy, and the rule of law.
The attackers claim the compromised information came from several departments, including:
- Human Resources.
- Secretariat.
- Parliamentary Assembly.
- European Directorate for the Quality of Medicines & HealthCare.
The group has warned that the data could be published if the Council of Europe does not contact them to begin negotiations.
Employee and Payroll Records Allegedly Exposed
One of the most concerning aspects of the alleged data breach is the volume of employee information reportedly included in the stolen files.
According to ShinyHunters, the dataset contains:
- More than 409,000 payslips.
- Payroll records covering over 10,000 employees from 2011 through 2026.
- More than 14,000 CVs.
- More than 3,700 personnel files.
- Over 10,700 additional documents.
The hackers also claim to have obtained records related to contracts, purchase orders, absence reports, illness reports, interpreter scheduling, salary scales, mission travel reimbursements, performance evaluations, and payroll exports.
Sensitive Personal Information Reportedly Included
The alleged leak contains highly sensitive personal and financial information belonging to employees and staff members.
According to details shared by the attackers, the exposed records may include:
- Full names
- Employee identification numbers
- Home addresses
- Phone numbers
- Dates of birth
- Salary information
- Bank account details
- Tax information
- Social security records
- Medical records
- Mission references
The threat actor’s statement read: “Over 297 GB of Council of Europe HR and payroll data… Make the right decision, don’t be the next headline.”
Security Experts Warn of Serious Risks
Researchers warn that if the claims are accurate, the stolen information could create significant risks for affected individuals.
The combination of financial, identity, employment, and medical data could enable cybercriminals to conduct identity theft, financial fraud, and highly convincing phishing attacks. Experts also note that the exposure of salary records, home addresses, and medical information could increase the risk of blackmail and targeted social engineering campaigns.
Because many Council of Europe employees work on sensitive human rights and policy issues, the information could be particularly valuable to malicious actors seeking to pressure or target individuals.
Security researchers believe the most immediate threat may come from sophisticated scam campaigns that use detailed personal information to impersonate HR departments, banks, or government institutions.
ShinyHunters Continues High Profile Campaign
The alleged Council of Europe breach is the latest in a series of high profile incidents linked to ShinyHunters.
The group has been active since 2019 and has built a reputation for large scale data theft and extortion operations. Recent claims by the gang have included organizations such as Ralph Lauren, Madison Square Garden Sports, JCPenney, and the European Commission.
Security researchers have also connected the group to broader cybercrime networks that include actors associated with Scattered Spider and LAPSUS$.
More recently, Google reported that a campaign linked to ShinyHunters exploited a zero day vulnerability in Oracle PeopleSoft, potentially affecting around 100 organizations.
Council of Europe Yet to Confirm Incident
As of publication, the Council of Europe had not publicly acknowledged the alleged breach or confirmed whether any data had been compromised.
Until the organization releases an official statement, many of the claims remain based on information provided by the attackers themselves. However, the scale of the data allegedly involved has already raised concerns across the cybersecurity community.
SQ Magazine Takeaway
I think this alleged breach stands out because of the sheer amount of personal information reportedly involved. If the attackers’ claims are accurate, this is not just another corporate data leak. The exposure of payroll, medical, and identity records tied to thousands of employees could have long lasting consequences. Even before official confirmation arrives, the incident highlights how attractive government and international organizations remain to modern cybercriminal groups seeking both leverage and publicity.
