SYS::ONLINE
Wasteland.
Briefs1113
Issues18
SinceFeb 2026
LIVE
▣ Breach COUNCIL-OF-EUROPE 2026-07-07

Council of Europe: ShinyHunters Data Leak

"The Council of Europe has confirmed it is investigating a major data breach after the cybercriminal group ShinyHunters published roughly 297GB of sensitive employee data following the expiration of a ransom deadline…"

The Council of Europe has confirmed it is investigating a major data breach after the cybercriminal group ShinyHunters published roughly 297GB of sensitive employee data following the expiration of a ransom deadline. The leaked archive contains records on more than 10,000 current and former employees, contractors, and job applicants, spanning documents dating back 15 years. Founded in 1949 and representing 46 member states, the Council is one of Europe's foremost human rights bodies, making the exposure of its internal personnel data particularly consequential.

What Happened

ShinyHunters exfiltrated data from multiple Council departments, including human resources and administrative units, reportedly obtaining more than 429,000 files. When the Council declined to meet the group's ransom demand, ShinyHunters made good on its extortion threat and released the full dataset publicly. This ranks as one of the largest breaches of personal data ever recorded against an intergovernmental organization in Europe.

Rather than relying on a single leak site that could be taken down, ShinyHunters escalated its strategy after the refusal to pay. The group announced it would permanently distribute the stolen datasets across multiple mirror sites and torrent networks, deliberately hardening the leak against future takedown efforts and ensuring long-term availability of the data.

What Was Taken

The compromised archive is both large and deeply sensitive. Exposed records reportedly include:

Because the dataset combines financial, medical, and identity information at scale, the downstream risk is severe. Victims face heightened exposure to identity theft, financial fraud, and highly targeted phishing and social engineering campaigns that draw on the internal detail contained in the leaked files.

Why It Matters

An intergovernmental human rights organization holding data on staff, contractors, and applicants is a high-value target, and the depth of this compromise underscores that no institution is immune. The 15-year data retention window meant even people who left the organization long ago are now exposed, illustrating how legacy data becomes long-term liability when it is not minimized or purged.

The shift to torrents and mirror distribution is a strategic signal for defenders. Extortion groups increasingly treat takedown resistance as a core part of their playbook, meaning breached data is now effectively permanent and cannot be walled off after the fact. For any organization negotiating with an actor like ShinyHunters, this reframes the calculation: refusal to pay does not contain the damage, and paying offers no guarantee against later release.

The Attack Technique

The breach has been tied to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability in Oracle PeopleSoft's Environment Management Hub (PSEMHUB). According to security researchers, the flaw allowed attackers to execute arbitrary code remotely without authentication. Google's Mandiant team reported that more than 100 organizations were actively exploited through this vulnerability before Oracle released security guidance.

ShinyHunters chained the zero-day with older, known vulnerabilities to establish persistent access, then moved laterally through compromised environments while impersonating legitimate users to avoid raising alarms. The exploitation window ran from May 27 to June 9, 2026, before mitigations were available, giving the group ample time to identify and exfiltrate high-value data across multiple departments.

What Organizations Should Do

Sources: Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak - IT Security News

TWEET: Council of Europe breached by ShinyHunters. 297GB and 10,000+ employee records leaked after ransom refused. Full breakdown: https://wasteland.me/intel/council-of-europe-shinyhunters-breach #CyberSecurity #ThreatIntel