general · BleepingComputer
The Council of Europe is investigating data breach claims made by the ShinyHunters extortion group over the weekend. ShinyHunters posted on their dark web leak site claiming to have stolen more than 429,000 documents containing HR and payroll data from multiple Council of Europe departments, including over 409,000 payslips, more than 3,700 personnel files, and over 14,000 CVs spanning 2011 to 2026. The group threatened to publish the files and warned of additional "digital problems" unless contacted by June 16, 2026. The allegedly stolen documents reportedly contain sensitive personal and financial information including names, dates of birth, addresses, phone numbers, employee IDs, salaries, bank account details, tax and Social Security information, and medical records. The Council of Europe's media department confirmed to BleepingComputer that it is investigating the matter but declined to provide additional details.
For Omniware's buyers, this incident underscores the risks of inadequate access controls and data exfiltration detection in large public-sector and regulated organizations. Healthcare providers and defense contractors handling sensitive employee and beneficiary data should review whether their incident response and data classification practices meet HIPAA, NIST 800-171, or equivalent standards—particularly around rapid detection of bulk data movement. SaaS providers serving similar organizations should assess whether their tenancy isolation and audit logging mechanisms would detect comparable unauthorized data access. An Omniware engagement can scope data protection controls, access monitoring, and breach response readiness in detail.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/
Source: BleepingComputer
All briefings