• Home
  • cyber
  • Oracle: ShinyHunters Claims Council of Europe Hack
cyber Vulnerability

Oracle: ShinyHunters Claims Council of Europe Hack

Jun 15, 2026 2 min read
Oracle: ShinyHunters Claims Council of Europe Hack

ShinyHunters Claims Breach of Council of Europe, Threatens to Leak 300GB of Stolen Data

The cyber extortion group ShinyHunters has alleged a breach of the Council of Europe, claiming to have stolen nearly 300 gigabytes of sensitive data from the organization’s network. The Council of Europe, a 46-member intergovernmental body founded in 1949 and an official UN observer, focuses on human rights, democracy, and the rule of law.

On June 9, ShinyHunters added the Council of Europe to its Tor-based leak site, asserting it exfiltrated over 429,000 files from multiple departments, including HR, the Secretariat, the Parliamentary Assembly, and the European Directorate for the Quality of Medicines & HealthCare. The stolen data reportedly includes:

  • Payroll records of over 10,000 employees (2011–2026)
  • 14,000+ CVs
  • Contract and purchase orders
  • Absence and illness reports
  • Bank account details, performance evaluations, and payroll exports
  • Personal data: names, IDs, addresses, phone numbers, dates of birth, tax and social security information, and medical records

The group has set a June 16 deadline, threatening to release the data publicly if the Council of Europe does not engage in negotiations. As of now, the organization has not publicly acknowledged the breach.

ShinyHunters has been active since mid-2025, with recent high-profile attacks targeting Salesforce customers (including Carnival, Canvas, and Grafana) and exploiting a zero-day vulnerability in Oracle PeopleSoft, which Google confirmed last week may have impacted 100 organizations. The group’s tactics align with double-extortion schemes, where stolen data is used as leverage for ransom demands.

Source: https://www.securityweek.com/shinyhunters-claims-council-of-europe-hack/

Oracle TPRM report: https://www.rankiteo.com/company/oracle

"id": "ora1781526596",
"linkid": "oracle",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '10,000+ employees, potentially '
                                              'affected individuals in HR, '
                                              'Secretariat, Parliamentary '
                                              'Assembly, and European '
                                              'Directorate for the Quality of '
                                              'Medicines & HealthCare',
                        'industry': 'Government, Human Rights, Democracy, Rule '
                                    'of Law',
                        'name': 'Council of Europe',
                        'type': 'Intergovernmental organization'}],
 'attack_vector': 'Zero-day vulnerability (Oracle PeopleSoft)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '429,000+ files, 10,000+ '
                                              'employee payroll records, '
                                              '14,000+ CVs',
                 'personally_identifiable_information': 'Yes (names, IDs, '
                                                        'addresses, phone '
                                                        'numbers, dates of '
                                                        'birth, tax/social '
                                                        'security information, '
                                                        'medical records)',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information, financial data, medical '
                                        'records)',
                 'type_of_data_compromised': ['Payroll records',
                                              'CVs',
                                              'Contract and purchase orders',
                                              'Absence and illness reports',
                                              'Bank account details',
                                              'Performance evaluations',
                                              'Personal data (names, IDs, '
                                              'addresses, phone numbers, dates '
                                              'of birth)',
                                              'Tax and social security '
                                              'information',
                                              'Medical records']},
 'date_publicly_disclosed': '2025-06-09',
 'description': 'The cyber extortion group ShinyHunters has alleged a breach '
                'of the Council of Europe, claiming to have stolen nearly 300 '
                'gigabytes of sensitive data from the organization’s network. '
                'The stolen data includes payroll records, CVs, contract and '
                'purchase orders, absence and illness reports, bank account '
                'details, performance evaluations, and personal data such as '
                'names, IDs, addresses, phone numbers, dates of birth, tax and '
                'social security information, and medical records. The group '
                'has set a June 16 deadline, threatening to release the data '
                'publicly if the Council of Europe does not engage in '
                'negotiations.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': '300GB of sensitive data, 429,000+ files',
            'identity_theft_risk': 'High (personal data, tax/social security '
                                   'information, medical records)',
            'legal_liabilities': 'Potential legal liabilities due to exposure '
                                 'of personal and sensitive data',
            'payment_information_risk': 'High (bank account details)'},
 'initial_access_broker': {'entry_point': 'Zero-day vulnerability in Oracle '
                                          'PeopleSoft'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom), Data extortion',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': '2025-06-09',
                 'source': 'ShinyHunters Tor-based leak site'}],
 'threat_actor': 'ShinyHunters',
 'title': 'ShinyHunters Claims Breach of Council of Europe, Threatens to Leak '
          '300GB of Stolen Data',
 'type': 'Data Breach, Extortion',
 'vulnerability_exploited': 'Zero-day vulnerability in Oracle PeopleSoft'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.