ShinyHunters claims to have breached the Council of Europe and stolen more than 297 GB of data after exploiting a zero-day flaw in Oracle PeopleSoft and abusing that hole to hack more than 100 organizations.
According to a post on the extortion crew’s data-leak site, the 429,000 pilfered files contain HR and payroll records, payslips, purchase-order records, CVs, and employees’ salary, banking, tax, and medical records.
A Council of Europe spokesperson told The Register that it is “currently investigating the matter and assessing the situation,” but declined to comment further.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Federal Reserve “breached” data may actually belong to Evolve Bank
June 26, 2024
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25. ...
- LockBit hackers claim to have cracked the US Federal Reserve
June 25, 2024
The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...
- Change Healthcare confirms the customer data stolen in ransomware attack
June 24, 2024
For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led to widespread billing outages, as well as disruptions at ...
- Was T-Mobile compromised by a zero-day in Jira?
June 21, 2024
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com certifications, and “Siloprograms.” To prove they had the data, IntelBroker posted ...
- Stolen test data and NHS numbers published by Qilin hackers
June 21, 2024
A gang of cyber criminals causing huge disruption to multiple London hospitals has published sensitive patient data stolen from an NHS blood testing company. Overnight on Thursday, Qilin shared almost 400GB of the private information on their darknet site. The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm ...
- Finland sees record number of data breach reports in 2023
June 18, 2024
A record high number of data breaches were reported to Finland’s Data Protection Ombudsman last year, according to a report by news group Uutissuomalainen. In total, the office received 6,900 data breach reports in 2023, an increase of 1,400 on the figure for 2022. Assistant Data Protection Ombudsman Heljä-Tuulia Pihamaa told Uutissuomalainen that the sharp rise ...