Europol built “shadow IT database” under terror pressure, then lost control


A new investigation has revealed that the EU’s police agency created an emergency data system to fight terrorism, but it gradually evolved into a vast, insecure “shadow database” holding sensitive information on millions of people, many of whom were not linked to any crimes at all.


An investigation by Computer Weekly reveals how crisis-driven decisions taken after the 2015 Paris terror attacks led to the creation of a parallel data system that would become central to Europol’s operations.


The agency’s main shadow system, the Computer Forensic Network (CFN), was originally set up in 2012 to process complex digital evidence, including large datasets and potentially dangerous files such as malware.

Emergency measures after Paris attacks

After the Paris attacks, which targeted civilians in restaurants, a football stadium and the Bataclan concert hall and killed 130 people, Europol was inundated with intelligence from across Europe and came under intense pressure to deliver results quickly.

To cope, the CFN was repurposed into a high-speed analysis platform capable of handling vast quantities of raw data that official systems could not process.

After the 2015 Paris attacks, an internal database used for large datasets was repurposed to quickly analyze troves of information from investigations. Image by Europol.

That included phone logs of people who happened to be near the Bataclan concert hall during the attack, even if they were not suspects.

Computer Weekly, the Greece-based investigative journalism organization Solomon and the German non-profit Correctiv uncovered the database flaws through leaked internal documents and emails, internal reports and testimony from whistleblowing Europol officials.


“A black hole for data”

According to the investigation’s detailed and lengthy report, over time, what began as a specialist forensic tool became, in the words of one former senior official, a “black hole” for data. In this system, a vast amount of information could be stored and analyzed with far fewer controls than in Europol’s formal databases.

The investigation said that by 2019 the system held at least two petabytes of data and effectively contained almost all of Europol’s operational information.


Alongside it, investigators uncovered a second system, internally known as the “Pressure cooker,” built in “emergency mode” to rapidly collect and analyze data from the open internet during live investigations.

Unlike law enforcement’s formal systems, it was developed outside standard IT processes and operated with limited oversight, allowing analysts to bypass delays associated with compliance and approvals.

Together these systems were speedy and resourceful – but a significant risk to the people whose sensitive data was being stored.

Flaws could bring system to “complete shutdown”

Internal assessments found the CFN suffered from security vulnerabilities, including weak passwords, poor control over administrator access and limited ability to track who accessed or altered data.


According to an internal warning issued in 2019, the system risked triggering a processing ban from the European Data Protection Supervisor – potentially bringing Europol’s operations close to a “complete shutdown.”


Experts warned this could allow sensitive information to be accessed, modified or deleted without detection, raising concerns over privacy and the integrity of criminal cases.

Europol claims it has acted transparently and that its systems were part of a regulated environment. Image by Jarretera | Shutterstock

Former officials said that law enforcers started to rely on these unofficial, unprotected systems, which became embedded in everyday operations long after the terror attack investigations had passed.

“They protect the law while breaking it,” one former senior official said of Europol.

Europol issued a statement denying any wrongdoing, saying it had acted transparently and that its systems operated within a regulated environment. It described claims that it concealed systems from regulators as a “misrepresentation of facts.”

The findings come as the European Commission considers expanding Europol’s powers as part of a strategy to improve the bloc's internal security.

