News
Council of Europe data breach: ShinyHunters claims theft of HR and payroll records
BlogBreachesResourcesNews
Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

Council of Europe data breach: ShinyHunters claims theft of HR and payroll records

UpGuard Team
UpGuard Team
June 15, 2026

Key facts: Council of Europe data breach

  • Date reported: June 15, 2026
  • Target entity: Council of Europe
  • Source of breach: Extortion group ShinyHunters
  • Data types: Names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, medical records, payslips, CVs
  • Status: Under investigation; reported on June 15, 2026.
  • Severity: High; exposure of sensitive HR, financial, and medical data poses significant identity theft and fraud risks.

What happened in the Council of Europe data breach?

The Council of Europe (coe.int) is currently investigating a significant security incident following claims by the extortion group ShinyHunters. The breach, first reported on June 15, 2026, allegedly involves the theft of over 429,000 documents containing sensitive human resources and payroll information. According to the threat actors, the stolen data includes more than 409,000 payslips for over 10,000 staff members, spanning a period from 2011 to 2026.

The incident is classified as high severity due to the depth of personal and financial information involved. Exposed records reportedly contain names, home addresses, salaries, bank account details, and even medical records. ShinyHunters has threatened to leak the files publicly on June 16, 2026, if their demands are not met. While the investigation is ongoing, such breaches typically lead to targeted phishing, financial fraud, and long-term identity theft risks for the affected individuals.

Who is behind the incident?

ShinyHunters is a well-known extortion group that has been active since at least 2020. The group is notorious for targeting high-profile organizations and stealing large databases, which they then use to demand ransoms or sell on underground forums. Unlike traditional ransomware groups that encrypt systems, ShinyHunters primarily focuses on data exfiltration and extortion. They have previously claimed responsibility for breaches involving major tech companies and retailers. Their methods often involve exploiting vulnerabilities in cloud environments or using stolen credentials to gain unauthorized access to internal repositories and document management systems.

Impact and risks for Council of Europe staff

The impact on current and former staff of the Council of Europe is substantial. With the exposure of payslips, bank details, and medical information, affected individuals face a high risk of identity theft and financial fraud. Malicious actors could use the stolen data to open fraudulent accounts or conduct unauthorized transactions. Furthermore, the inclusion of home addresses and medical records introduces significant privacy concerns and the potential for targeted harassment.

Staff members should remain vigilant against sophisticated phishing attempts that may use their personal details to appear legitimate. It is essential to monitor bank statements and credit reports for any suspicious activity. Implementing multi-factor authentication on all personal and professional accounts and utilizing identity theft protection services are critical steps for those affected. Prompt transparency from the organization helps in mitigating these long-term risks.

How to protect against similar security incidents

Given the exposure of sensitive HR and financial data at the Council of Europe, staff members and stakeholders should take immediate steps to secure their personal information and monitor for signs of fraud.

  • Enroll in identity theft and credit monitoring. Sign up for a credit monitoring service to receive alerts about new accounts opened in your name. Place a fraud alert or credit freeze on your files with major credit bureaus to prevent unauthorized credit applications.
  • Secure financial accounts and monitor transactions. Notify your bank and financial institutions about the potential compromise of your bank account details. Review bank statements regularly for unauthorized charges and enable transaction notifications for all financial activity.
  • Implement phishing-resistant multi-factor authentication. Enable MFA on all personal email and financial accounts, preferably using hardware keys or authenticator apps. Be wary of unsolicited communications requesting further personal information or login credentials, as attackers may use stolen data to build trust.
  • Enhance organizational attack surface management. Organizations should deploy continuous monitoring tools to identify exposed assets and data leaks in real-time. Regularly audit access permissions to sensitive HR and payroll systems to ensure the principle of least privilege is strictly maintained.

Taking proactive measures now can significantly reduce the long-term impact of this data exposure.

Frequently asked questions

What happened in the Council of Europe security breach?

ShinyHunters claimed responsibility for a security attack on Council of Europe (coe.int) in June 2026. The incident was first reported on June 15, 2026.

When did the Council of Europe breach occur?

The Council of Europe breach was publicly reported on June 15, 2026. ShinyHunters referenced the incident around that time, but the attack may have occurred earlier.

What data was exposed?

The types of data involved in the Council of Europe incident include names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, and medical records. ShinyHunters has claimed to possess over 409,000 payslips.

Is my personal information at risk?

If you interacted with Council of Europe, there's a possibility your personal information could be affected. Because this incident targets internal HR records, affected staff face direct risks of targeted phishing, financial fraud, and potential blackmail.

What steps should companies take after being breached?

The Council of Europe is expected to secure systems, notify affected parties, provide guidance on protective actions, review security measures, and deploy attack surface management to prevent future occurrences.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is The Council of Europe?

The Council of Europe is an international organization dedicated to upholding human rights, democracy, and the rule of law across Europe that utilizes coe.int as its official online platform to provide information regarding its conventions, legal standards, and monitoring activities to its member states and the public.
  • Check icon
    View our free preliminary report on The Council of Europe’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View The Council of Europe's score
View score
https://www.coe.int/
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
American Express data breach: key facts and what we know so far

American Express data breach: key facts and what we know so far

A data breach involving American Express was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 11, 2026
The University of Western Australia data breach: what happened and what's at risk

The University of Western Australia data breach: what happened and what's at risk

A data breach involving The University of Western Australia was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 10, 2026
Easterly Government Properties data breach exposes Social Security numbers and tax data

Easterly Government Properties data breach exposes Social Security numbers and tax data

A data breach involving Easterly Government Properties was reported in June 2026. See incident details, impact on customers, and recommended security measures.
Paul McCarthy
Paul McCarthy
June 15, 2026
Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

Nintendo data breach: 859MB of employee data compromised by SHADOWBYT3$

A data breach involving Nintendo was reported in June 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
June 16, 2026
Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

Orthopaedic Specialists of Massachusetts data breach: key facts and what we know so far

A data breach involving Orthopaedic Specialists of Massachusetts was reported in June 2026. See incident details, impact on patients, and recommended security measures.
UpGuard Team
UpGuard Team
June 15, 2026
Bellflower Unified School District data breach: what happened and what's at risk

Bellflower Unified School District data breach: what happened and what's at risk

A data breach involving Bellflower Unified School District was reported in June 2026. See incident details, impact on customers, and security measures.
UpGuard Team
UpGuard Team
June 15, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating