bleepingcomputer.com web signal

Council of Europe Probes ShinyHunters Data Breach

cybersecurity oracle data-breach supply-chain ransomware

Key insights

  • ShinyHunters claims 429,000+ stolen Council of Europe documents, including 409,000+ payslips, 3,700+ personnel files, and 14,000+ CVs spanning 2011-2026.
  • Stolen records allegedly include bank account details, salaries, Social Security information, and medical data for more than 10,000 employees.
  • The breach is attributed to the same Oracle PeopleSoft zero-day campaign that has already compromised over 100 organizations, including the University of Nottingham.

Why this matters

The Oracle PeopleSoft zero-day campaign has now demonstrated reach into intergovernmental bodies representing 46 nations, confirming that multinational institutions with legacy ERP deployments are being targeted at the same pace as universities and enterprises. Exposure of payslips from 2011 through 2026, medical records, and bank account data for 10,000+ Council of Europe staff creates systemic identity-theft risk across European civil service networks, with cascading liability questions for an institution serving over 700 million people. For technical leaders, this incident signals that legacy ERP platforms like PeopleSoft remain critical unpatched attack surfaces that demand urgent prioritization alongside cloud-native security investments.

Summary

The Council of Europe is investigating ShinyHunters claims of a breach exposing 429,000+ documents: payslips, personnel files, and CVs containing bank account details, salaries, medical data, and Social Security information for more than 10,000 employees. ShinyHunters posted the threat on its dark web leak site over the weekend, warning the Council it had until June 16 to respond or face a data release alongside 'several annoying (digital) problems.' The Council confirmed it is investigating but declined further comment. Essentially: (ShinyHunters, Council of Europe) this is part of an Oracle PeopleSoft zero-day campaign that has already hit more than 100 organizations. - 409,000+ payslips spanning 2011-2026, 3,700+ personnel files, and 14,000+ CVs allegedly stolen, with records including names, dates of birth, home addresses, and phone numbers. - University of Nottingham is among 100+ organizations breached in the same PeopleSoft campaign. The Council represents 46 member states and over 700 million people, meaning a confirmed breach would carry diplomatic weight well beyond a typical enterprise incident.

Potential risks and opportunities

Risks

  • More than 10,000 Council of Europe employees face immediate identity theft and financial fraud risk if bank account details, Social Security information, and salaries are published.
  • The 46 member states whose staff records may be included face potential intelligence exposure if adversarial actors obtain payroll, personnel, and medical data from the threatened leak.
  • Organizations still running unpatched Oracle PeopleSoft systems face active targeting by ShinyHunters, which has already claimed over 100 victims in this same campaign.

Opportunities

  • Identity monitoring and fraud protection vendors gain an immediate procurement opening with the Council of Europe to cover 10,000+ potentially affected employees.
  • Oracle faces pressure to accelerate PeopleSoft zero-day remediation and direct customer outreach across the 100+ compromised organizations, representing a significant patch deployment engagement.
  • Cybersecurity firms specializing in ERP security gain leverage to expand into European intergovernmental and public-sector accounts following this breach of a 46-member-state institution.

What we don't know yet

  • Whether ShinyHunters has provided proof-of-data or published sample files to validate its breach claims -- no verification was reported in the article.
  • Which specific Council of Europe systems were accessed and whether the Oracle PeopleSoft zero-day has since been patched at the affected organization.
  • What 'several annoying (digital) problems' the group threatened alongside the data leak actually entail -- no specifics were disclosed in ShinyHunters' warning.

Originally reported by bleepingcomputer.com

Read the original article →

Original headline: ShinyHunters Claims 297GB Theft From Council of Europe via Oracle PeopleSoft Zero-Day — June 16 Leak Deadline Issued for 429,000 Documents Including Employee Medical and Banking Data