Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak

 

Council of Europe is investigating a major data breach following the public release of approximately 297 GB of sensitive employee data by cybercriminal group ShinyHunters following the expiration of a ransom deadline. 
An archive has been leaked that contains information regarding more than 10,000 current and former employees, contractors, and job applicants dating from 15 years ago.
As one of Europe’s leading human rights organizations since 1949, the Council of Europe has been an official observer at the United Nations since 1949. It represents 46 member states and is a central force in promoting democracy, human rights, and the rule of law throughout Europe. 
Since the information it holds is sensitive, the breach of confidentiality is particularly significant.
As reported by ShinyHunters, more than 429,000 files, including personnel data, were obtained from multiple Council departments, including human resources and administrative units. This was one of the largest breaches of personal data involving an intergovernmental organization in Europe. 
Information available indicates that payroll records, bank account information, medical information, tax information, social security information, salary histories, personnel files, and thousands of CVs were exposed. Due to the large size of the dataset, identity theft, financial fraud, and highly targeted phishing are significantly more likely to occur.
It has been reported that the breach is related to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability affecting Oracle PeopleSoft’s Environment Management Hub (PSEMHUB). 
According to security researchers, the vulnerability allowed attackers to execute arbitrary code remotely without authentication. According to Google’s Mandiant team, more than 100 organizations had actively exploited the vulnerability prior to Oracle’s release of security guidance.
Using the zero-day vulnerability in combination with older vulnerabilities, ShinyHunters obtained persistent access, migrated laterally through compromised environments, and exfiltrated data while posing as legitimate users. 
The exploit was conducted between May 27 and June 9, before mitigations were available.
ShinyHunters has also altered its extortion strategy significantly following the Council of Europe declining to meet the ransom demand. In response to the Council’s refusal to pay the ransom, ShinyHunters announced it would permanently distribute stolen datasets through multiple mirror sites and torrent networks, thereby reducing the likelihood of future takedown efforts.
In addition, the incident adds to the growing number of campaigns involving ShinyHunterS Researchers have recently linked the group to attacks targeting multiple organizations, while Google’s threat intelligence team has linked the group’s latest activity to widespread exploitation of the Oracle PeopleSoft zero-day vulnerability before mitigations were available. 
According to a brief statement issued by the Council of Europe, the organization was “investigating the matter and assessing the situation.” Further comment was not provided. The organization has not yet announced a formal notification process or measures to protect individuals’ identities.
Zero-day exploitation and data extortion campaigns are becoming increasingly prevalent, with public disclosure increasingly taking precedence over traditional ransomware encryption. 
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: