ShinyHunters has published what it claims is a 297 GB dataset stolen from the Council of Europe, escalating an extortion campaign that previously threatened the organization with a leak deadline earlier this week.
The publication follows a warning issued by the threat actor on its leak site. As previously reported by BreachNews, ShinyHunters had threatened to release Council of Europe data unless contact was established before a June 16 deadline. The group now claims the full dataset is available for download.
BreachNews has not independently verified the authenticity of the files or confirmed that the data originated from Council of Europe systems. However, the volume and level of detail described by the threat actor would make this one of the most significant personnel data exposures involving a European institution if verified.
Threat actor claims release of extensive HR records
According to the listing, the allegedly leaked dataset contains more than 429,000 files spanning multiple Council of Europe departments and administrative units, including human resources, payroll administration, conference services, interpreter management, and other internal functions.
The threat actor claims the archive contains more than 409,000 employee payslips covering the period from 2011 through 2026 and affecting more than 10,000 current and former staff members.
Additional documents allegedly include thousands of CVs, personnel files, employee document repositories, payroll exports, contract records, purchase orders, performance evaluations, scheduling information, and administrative records.
If authentic, the exposure would provide an unusually detailed view into internal personnel and payroll operations across one of Europe’s most prominent intergovernmental institutions.
Sensitive employee information allegedly exposed
The threat actor further claims the dataset contains extensive personally identifiable information and payroll-related records.
According to the listing, exposed information may include employee names, identification numbers, home addresses, telephone numbers, dates of birth, salary information, bank account details, tax information, social security data, medical and absence records, mission references, and other internal employment records.
The alleged presence of banking information, payroll data, personnel evaluations, and health-related records significantly increases the potential impact on affected individuals if the claims are accurate.
Such information could be used for identity fraud, targeted phishing attacks, financial scams, social engineering campaigns, or other forms of abuse.
Latest escalation in broader extortion campaign
The Council of Europe listing was originally published alongside several other organizations targeted by ShinyHunters, including American Tower, JCPenney, Ralph Lauren, Madison Square Garden Sports, and Nexstar.
The publication appears to represent another escalation in the group’s ongoing extortion activity, which has targeted organizations across government, education, healthcare, retail, and technology sectors throughout 2026.
Council of Europe has not publicly addressed alleged leak
At the time of publication, BreachNews had not identified a public statement from the Council of Europe addressing the alleged publication of the dataset.
The organization’s official website remains available at coe.int.
BreachNews will update this article if the Council of Europe confirms an incident, disputes the authenticity of the data, or provides additional information regarding the alleged breach.
