The Council of Europe said on 15 June it was investigating claims by cybercrime group ShinyHunters that it had stolen nearly 300GB of sensitive employee and payroll data, potentially exposing personal information relating to more than 10,000 staff members.

The extortion group added the Council of Europe, the 46-member human rights organisation headquartered in Strasbourg, to its dark web leak site over the weekend. ShinyHunters claims it exfiltrated more than 297GB of data comprising over 429,000 files from multiple departments, including human resources, the Secretariat and the Parliamentary Assembly.

In a statement, the Council of Europe said: “We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage.” The organisation has not confirmed that a breach occurred or that any employee data was compromised.

According to details published by the attackers, the alleged haul includes more than 409,000 payslips covering over 10,000 employees between 2011 and 2026, more than 14,000 CVs, around 3,700 personnel files and thousands of other administrative documents. ShinyHunters claims the records contain names, addresses, telephone numbers, dates of birth, salary information, bank account details, tax records and medical information.

Cybernews reported that its researchers believe the data could create significant risks if the claims are verified. The researchers said: “The data leak could prove to be very dangerous, because it ties a lot of data together.” They warned that financial, identity and medical information could be exploited for fraud, identity theft, blackmail and targeted phishing attacks.

Cybernews researchers added: “The most likely first wave would be convincing scam calls and emails with attackers impersonating HR or financial institutions.” They said the breadth of information allegedly exposed could make fraudulent communications more difficult for victims to identify.

ShinyHunters has threatened to release the data publicly if the Council of Europe does not contact the group by 16 June to begin negotiations. The gang has been linked to a series of high-profile intrusions since mid-2025 and was recently associated with attacks targeting organisations using Oracle PeopleSoft software.

The Council of Europe, founded in 1949 and distinct from the European Union, serves as a leading intergovernmental body focused on human rights, democracy and the rule of law across Europe.

---