The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend.

As Europe's leading human rights organization, the Council represents 46 European member states and a population of over 700 million people, promoting democracy and the rule of law across Europe and beyond.

When asked to confirm the cybercrime gang's claims, the Council of Europe's media department told BleepingComputer that the organization is looking into the matter and couldn't provide further information.

"We are currently investigating the matter and assessing the situation. We have no further comment to make at this stage," the Council said.

In a post published on their dark web leak site over the weekend, the ShinyHunters claimed to have stolen more than 429,000 documents containing HR and payroll data from multiple Council of Europe departments and threatened to leak the allegedly exfiltrated files on Tuesday.

"This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way," they said.

​ShinyHunters added that the allegedly stolen documents include more than 409,000 payslips for 10,000+ staff (ranging from 2011 to 2026), over 3,700 in-house personnel files, more than 14,000 CVs, and other files.

The stolen files are said to contain a wide range of personal and financial information, including affected individuals' names, dates of birth, home addresses, phone numbers, employee IDs, salaries, bank account details, tax and Social Security information, medical records, and more.

Over the past year, ShinyHunters has also claimed attacks targeting Salesforce customers, saying they've stolen more than 1.5 billion records in breaches affecting hundreds of companies and organizations worldwide in Salesforce Aura and Salesloft Drift campaigns.

They were also linked to high-profile attacks against over a dozen Snowflake customers and other third-party integration providers.

More recently, last week, the extortion group also claimed responsibility for a new data theft campaign that led to breaches at over 100 organizations (including the University of Nottingham) after exploiting a zero-day vulnerability in Oracle's PeopleSoft enterprise business software suite.