Threat Actor Claims Major Europol Data Breach

Security

A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month.

“IntelBroker” took to hacking site BreachForums on Friday to advertise their wares.

“In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use only] and classified data,” they wrote in a post to the site screenshotted on X (formerly Twitter). “Compromised data: Alliance employees, FOUO source code, PDFs, documents for recon and guidelines.”

IntelBroker alleged that several agencies within Europol were impacted by the breach, including its European Cybercrime Centre (EC3), data sharing initiative the Europol Platform for Experts (EPE), the Law Enforcement Forum – which deals with financial crime – and electronic evidence platform SIRIUS.

The threat actor appears to be serious, asking for bidders to make an offer for the trove and demanding they pay only in the privacy-focused digital currency XMR. Only “reputable members” will be considered for the sale and proof of funds is required.

The threat actor apparently provided some screenshots of the EPE interface and a small sample of an EC3 database.

It’s unclear whether the data dump is legitimate, although several security industry professionals on X seem to think so. Infosecurity has reached out to Europol with a request for comment.

Read more on Europol security incidents: Europol Left Red-Faced After Terror Data Leak

However, the threat actor is well-known in cybercrime circles, having last month advertised for sale sensitive documents stolen from the Five Eyes intelligence community via US supply chain contractor Acuity.

In March 2023, they claimed to have personal data on 170,000 individuals including members of the US House of Representatives, after breaching health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).

In November that year, they advertised for sale sensitive information apparently stolen from industrial giant and US government contractor General Electric.

This isn’t the first time that Europol has suffered a data security scare. At the end of March it was reported that the policing organization lost highly sensitive HR files on some of its most senior officials.

Image credit: Tobias Arhelger / Shutterstock.com

Products You May Like

Articles You May Like

US Government Issues Cloud Security Requirements for Federal Agencies
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

Leave a Reply

Your email address will not be published. Required fields are marked *