Hackers claim massive Council of Europe breach: troves of personal data exposed


The Council of Europe (CoE), the continent's leading human rights body, has been posted on ShinyHunters' dark web blog. The gang is claiming a massive data breach that exposes nearly half a million HR and payroll records, as well as CoE employee data such as names and home addresses.

The notorious hacker collective claimed CoE as a victim over the weekend, sharing a lengthy post about the attack on its dark web blog. The attackers claim they accessed over 297GB of HR and payroll data, stealing over 429,000 files.

CoE is an international organization representing 46 European nations, with a focus on human rights, democracy, and the rule of law. The organization is not a European Union institution, despite often being confused with one, as they share the same flag.

We have reached out to CoE for comment and will update this article once we receive a reply.

Meanwhile, ShinyHunters shared an unusually long post detailing what type of CoE data the cybergang has accessed. According to the attackers, the unconfirmed CoE data breach involves CoE’s HR and payroll systems, affecting numerous departments of the organization.

The alleged leak supposedly includes 409,000 payslips covering over 10,000 staff over the last 15 years. Additionally, attackers claim access to over 14,000 CVs, over 3,700 personnel files, and 10,700 other documents.

ShinyHunters' post on the dark web. Image by Cybernews.

What Council of Europe data do attackers claim to have?

ShinyHunters claim the exposed details reveal “contract and purchase order records, mission travel overpayments, interpreter scheduling and 2026 salary scales, Blue List rosters, absence and illness reports, bank account and URSSAF payroll data, performance evaluations, and payroll exports.”

The exposed documents reveal:

  • Full names
  • Employee IDs
  • Home addresses
  • Phone numbers
  • Dates of birth
  • Salaries
  • Bank details
  • Tax information
  • Social security information
  • Medical records
  • Mission references

The Cybernews research team believes that, if confirmed, the data leak could be “very dangerous” for the exposed individuals, mostly because the scope of the breach allows the creation of an extremely detailed and comprehensive victim profile, with extensive details from employment records to medical records.

“The data leak could prove to be very dangerous, because it ties a lot of data together. Cybercriminals can use bank and tax data for direct financial fraud, use the identity details to open loans or accounts in someone's name, and use the medical or performance records to blackmail people,” our researchers explained.

Since CoE staff work on sensitive human rights cases, malicious actors could sell the information to parties seeking to pressure them. Salary details, home addresses, and medical records allow for ample opportunities to blackmail and target individuals.

However, our team believes that the most likely way compromised data would be abused is through scams. Detailed victim profiles allow attackers to target individuals with convincing scams, which usually aim to steal victims’ money.

“The most likely first wave would be convincing scam calls and emails with attackers impersonating HR or financial institutions. What makes it worse is that the scams would be hard to spot because the attackers have extensive victim details,” the team explained.

Who are ShinyHunters?

ShinyHunters has built a reputation for high-impact data theft and extortion operations. Last week, the gang claimed American fashion behemoth Ralph Lauren Corporation, New York Knicks owner Madison Square Garden Sports, and retail store chain JCPenney.

In March, ShinyHunters claimed the European Commission, the European Union’s executive arm. The gang claims access to more than 350GB of data.

The group has been active since 2019. Security researchers have linked the group to a broader supergroup alongside Scattered Spider and LAPSUS$, all of which share overlapping members and roots in the youth cybercrime subculture known as "The Com."

Arrests across Canada, France, Turkey, and Finland seem not to have deterred gang members from targeting established brands.

