Ransomware: shinyhunters claims coe.int (FR) — Not Found

On 14 June 2026, a ransomware group known as ShinyHunters claimed responsibility for a breach targeting the Council of Europe’s domain (coe.int), as reported on the ransomware monitoring site ransomware.live. The claim, listed under the BREACH framework, indicates that the attackers have exfiltrated data from the Council of Europe’s systems, though the specific nature and volume of compromised information remain unconfirmed. This incident underscores the ongoing threat to international governmental and intergovernmental organizations, particularly those handling sensitive policy, legal, and personal data.

The primary affected entity is the Council of Europe, an intergovernmental organization with 46 member states, but the breach may also impact national data protection authorities, legal bodies, and citizens whose data is processed by the Council. Sectors most at risk include public administration, international law, human rights monitoring, and data protection enforcement. Compliance teams in any organization that shares data with or relies on the Council of Europe’s systems should assess their exposure, especially under GDPR and other EU data protection frameworks.

Compliance teams should immediately verify whether their organization has any data-sharing agreements or direct integrations with the Council of Europe. They should review incident response plans for third-party breaches, ensure data processing records are updated, and prepare for potential notifications to supervisory authorities if their data is involved. Additionally, teams should monitor official communications from the Council of Europe for confirmed breach details and update risk assessments for ransomware threats targeting public sector partners.