The shinyhunters ransomware group compromised coe.int in France, exposing over 297 GB of Council of Europe HR and payroll data across multiple directorates and services, including 409,000+ payslips, 14,000+ CVs, and extensive personal, financial, tax, bank, and employment records. This is a final warning dated 14 June 2026 to contact them by 16 June 2026 to avoid data leakage and related digital issues. #France
Incident Details
- Victim: coe.int
- Sector: Not Found
- Country: FR
- Actor: shinyhunters
- Source:
- Discovered: 2026-06-14T00:54:51.834700+00:00
- Published: 2026-06-13T11:10:00+00:00
Information
- Over 297 GB of Council of Europe HR and payroll data, covering more than 429,000 files, was compromised across multiple departments and staff groups.
- The exposed data includes payroll records for over 10,000 staff from 2011 to 2026, along with more than 409,000 payslips.
- Also affected were 14,000+ CVs, 3,700+ in-house personnel files, and 10,700+ per-employee document stores.
- Additional exposed records include contract and purchase order documents, mission travel overpayments, interpreter scheduling, 2026 salary scales, Blue List rosters, and absence and illness reports.
- Bank account details, URSSAF payroll data, performance evaluations, and payroll exports were also taken.
- The leaked information contains full names, employee IDs, home addresses, phone numbers, dates of birth, salaries, bank details, tax and social security information, medical and absence records, mission references, and other internal institutional data.
- A final warning was issued to make contact by 16 June 2026 to prevent publication of the stolen data.
- The threat also included the possibility of additional disruptive digital incidents if demands are not met.
Disclaimer: This post is based on public claims made by the ransomware group "shinyhunters". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.