Home All Victims coe.int

coe.int

shinyhunters

This record tracks a ransomware attack claimed by the shinyhunters group against coe.int. It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.

Window Zero

EXPOSURE GAP

Window Zero is the time the breach stayed in the open before anyone said so — the gap between when the attack was first discovered on the operator's leak site (t1) and when it was publicly disclosed (t2). The wider this window, the longer victims, staff and customers were exposed with no warning.

5days open
t1 · Published t2 · Pending
Jun 13, 2026Not disclosed yet
Country
France
Business Category
NGOs / Associations
Employees
+1000
Discovered
2026-06-14
Published
June 13, 2026
Disclosed / Notified
Not disclosed yet
Victim ID
PrLwuVhJdlUQ

Attack Summary

Over 297 GB of Council of Europe HR and payroll data (429,000+ files) was compromised across the Secretariat, Directorate of Human Resources, Parliamentary Assembly, EDQM, permanent and temporary staff, interpreters, conference services, language booth units, and payroll administration, including 409,000+ payslips for 10,000+ staff from 2011 to 2026, 14,000+ CVs and 3,700+ in-house personnel files, 10,700+ per-employee document stores, contract and purchase order records, mission travel overpayments, interpreter scheduling and 2026 salary scales, Blue List rosters, absence and illness reports, bank account and URSSAF payroll data, performance evaluations, and payroll exports, covering full names, employee IDs, home addresses, phone numbers, dates of birth, salaries, bank details, tax and social security information, medical and absence records, mission references, and other internal institutional data. This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 14 June 2026 | Warning: FINAL WARNING PAY OR LEAK

Leak Screenshots

SAMPLE

Proof-of-breach screenshots the operator posted from the stolen data. Previews are redacted and locked — the originals are available on HaveIBeenRansom.

file_tree.png
finance_2024.xlsx
passport_scan.jpg
contract_signed.pdf
Sign in or explore HaveIBeenRansom to view the full leak gallery.
View leak gallery →

Dark Web Exposure

Findings for coe.int — indexed by HaveIBeenRansom.
1,337
found in Infostealer logs
2,978+
found in Traditional breaches
22+
found in Ransomware leaks
European Commission (*.europa.eu)
shinyhunters · breach
••• emails
Apollo.io DB 816millions.rar
Database World ROC · breach
••• emails
Israel Ministry of Justice.part01.rar
Misha-z88 DB · breach
••• emails
@BreachedData1 LinkedIn 2021-23 Cleaned.7z.001
Database World ROC · breach
••• emails
limeleads_breach.7z
TheUnderground - Reborn · breach
••• emails
OnlinerSpambot_BF.7z
B F R e p o V 3 F i l e s · breach
••• emails
TAPAir_BF.7z
B F R e p o V 3 F i l e s · breach
••• emails
pureincubation-com.7z.001
Database World ROC · breach
••• emails
+ 17 more leak sources locked
Leak volumes are locked
Sign in to reveal how many records each source exposed and the remaining 20 sources.
Sign in to unlock Dig deeper on HaveIBeenRansom →
Want the complete picture — passwords, machines, full leak files? It's all searchable on HaveIBeenRansom.
Search this victim →
Visit Website View Group: shinyhunters

Related entries

icsecurity.com Amazon owned OneMedical.com NAIC.org Ralph Lauren icc.edu moody.edu
Legal Disclaimer: This ransomware victim record reflects information published on the operator's leak site. Breach.house does not acquire, download, host, access or redistribute unlawfully obtained data. It indexes only publicly visible information posted by ransomware, breach and infostealer operators and open web sources, without accessing the underlying stolen content. The service supports public awareness, legitimate research and cyber-resilience.