A Council of Europe breach dataset indexed by leaksear.ch contains 2,093 records tied to ShinyHunters' June 14, 2026 claim of stolen HR, payroll, and personnel files (leaksear.ch metadata). The Council of Europe is the continent's leading human-rights organization, spanning 46 member states, and public reporting said the organization was investigating ShinyHunters' broader breach claim while it had not confirmed the incident (www.coe.int, www.bleepingcomputer.com).
What happened
On June 15, 2026, SecurityWeek and BleepingComputer reported that ShinyHunters had posted the Council of Europe to a Tor-based leak site and claimed to have stolen more than 297 GB of data and more than 429,000 files from multiple departments (www.securityweek.com, www.bleepingcomputer.com). The group claimed the material included HR, payroll, personnel, CV, contract, absence, illness, bank-account, tax, Social Security, and medical information, and threatened publication if the Council did not contact it by June 16, 2026 (www.securityweek.com, www.bleepingcomputer.com).
The Council of Europe told both outlets it was investigating and assessing the matter and had no further comment at that stage (www.securityweek.com, www.bleepingcomputer.com). Based on the public record reviewed here, the confirmed facts are the extortion claim, the Council's investigation statement, and leaksear.ch's indexing of 2,093 records from a dataset connected to that claim, not a full organizational confirmation of ShinyHunters' figures or intrusion method (leaksear.ch metadata).
What data was exposed
The leaksear.ch indexed dataset contains 2,093 records with identity and contact fields, including names, email addresses, phone numbers, physical addresses, countries, dates of birth, and usernames (leaksear.ch metadata). The same indexing metadata also identifies employee IDs, department details, source file/sheet context, and payroll/account context stored with records, but those fields are not all searchable pivots on the platform (leaksear.ch metadata).
Public reporting on ShinyHunters' larger allegation described payslips, personnel files, CVs, salary data, bank details, tax and Social Security information, and medical records, but those broader categories should be read as attacker-attributed claims unless separately confirmed (www.securityweek.com, www.bleepingcomputer.com, cybernews.com).
Why this matters
Because the indexed records combine personal identifiers, contact details, and workplace/payroll context, affected individuals could face targeted phishing, HR impersonation, account-recovery attempts, doxxing, and payroll or identity-fraud attempts (leaksear.ch metadata). Security teams should watch for messages that reference Council of Europe employment, payroll, benefits, travel, or personnel details, especially requests to update bank details, share documents, or re-authenticate accounts. If you are a current or former Council of Europe staff member, or anyone who may have had HR or personnel records with the organization, check whether your name, email, phone number, address, date of birth, username, or country appears in this leak (leaksear.ch metadata).
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.