Europol confirms web platform breach

Europol has confirmed that its Europol Platform for Experts (EPE) portal was breached after a threat actor posted an ad claiming they were selling the agency's classified data.

The European Union’s law enforcement agency, Europol, said it is “aware of the incident and is assessing the situation.”

Late last week, an attacker known as IntelBroker posted an ad on a popular data leak forum, offering data supposedly stolen from several of Europol’s teams and task forces.

The attackers went as far as to say that they have obtained For Official Use Only (FOUO) documents containing classified data. The breach supposedly took place in May 2024.

However, the agency said the “incident concerns a Europol Platform for Expert (EPE) closed user group.” EPE is an online platform law enforcement experts use to share knowledge and best practices.

Europol data leak
Post announcing the leak. Image by Cybernews.

“No operational information is processed on this EPE application. No core systems of Europol are affected, and therefore, no operational data from Europol has been compromised,” Europol said in a statement shared with Cybernews.

Meanwhile, the data leak ad claims that the stolen data involves FOUO source code, documents for recon and guidelines, and employee info. It also includes data from the space and cryptocurrency division of Europol's European Cybercrime Center (EC3), the Partnership on Climate Change and Sustainable Energy (CCSE), and the SIRIUS project, which helps investigators with cross-border data requests.

The data samples that IntelBroker provided show a supposed discussion between investigators on how to better obtain data from Telegram and other platforms, which cybercriminals often use.

Additional data samples depicted information on cybersecurity experts from various organizations, including their names, surnames, job titles, areas of responsibility, and other details.

At the time of publishing, the ad on the data leak forum said the information had already been sold. The attacker offered the full dataset for an unspecified price, accepting funds only in Monero cryptocurrency.

IntelBroker is a well-known attacker who has leaked data from PandaBuy and HomeDepot. Previously, the same hacker stole data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.