Council of Europe hacked in ShinyHunters' PeopleSoft heist

**TL;DR:** Council of Europe hacked in ShinyHunters' PeopleSoft heist

---

ShinyHunters claims to have breached the Council of Europe and stolen more than 297 GB of data after exploiting a zero-day flaw in Oracle PeopleSoft and abusing that hole to hack more than 100 organizations. According to a post on the extortion crew’s data-leak site, the 429,000 pilfered files contain HR and payroll records, payslips, purchase-order records, CVs, and employees’ salary, banking, tax, and medical records. A Council of Europe spokesperson told The Register that it is “currently investigating the matter and assessing the situation,” but declined to comment further.

A spokesperson for the cybercrime group told us that the Council is yet another victim of the Oracle PeopleSoft heist. Oracle has yet to respond to The Register’s inquiries, and it's unclear if the vulnerability, tracked as CVE-2026-35273, has been patched. ShinyHunters previously told us that the gang exploited the CVE to compromise more than 100 organizations across 300 vulnerable instances, and that these victims included the University of Nottingham.

Last week, the crims listed the UK uni on their leak site, then dumped data belonging to around 454,600 current and former students, including personal and

Source: The Register

Tech news is rarely just a gadget headline. We frame what changed, who benefits, and what to watch next as details firm up.

Even when details are thin, these stories matter because they signal direction: pricing, policy, platform behavior, or security posture can shift quickly once momentum builds.

Watch for primary-source confirmation, changelog entries, and whether vendors publish remediation or rollout timelines.

1) If money or security is involved, wait for primary sources. 2) Test changes on a small scale before committing. 3) Note what would falsify your current assumptions.

**Q: Is everything in this article confirmed?** A: The summary reflects publicly reported information at publication time. Analysis sections are clearly framed as context, not new reporting.

**Q: Will iByte update this page?** A: Yes. As primary sources publish more detail, this article can be refreshed without changing the URL.

Last updated: June 16, 2026.

Additional context: early-cycle stories often look bigger in headlines than in day-to-day impact. The useful move is to identify the smallest set of facts that would change your decision, then wait for those facts to land.

Additional context: early-cycle stories often look bigger in headlines than in day-to-day impact. The useful move is to identify the smallest set of facts that would change your decision, then wait for those facts to land.