- ITDM 2025 전망 | “불경기 시대 속 콘텐츠 산업··· 기술이 돌파구를 마련하다” CJ ENM 조성철 엔터부문 CIO
- 50억 달러 피해에서 700명 해고까지··· 2024년 주요 IT 재난 8선
- Network problems delay flights at two oneworld Alliance airlines
- Leveraging Avaya Experience Platform to accelerate your digital banking transformation
- The best iRobot vacuums of 2024: Expert tested and reviewed
Threat Actor Claims Major Europol Data Breach
A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month.
“IntelBroker” took to hacking site BreachForums on Friday to advertise their wares.
“In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use only] and classified data,” they wrote in a post to the site screenshotted on X (formerly Twitter). “Compromised data: Alliance employees, FOUO source code, PDFs, documents for recon and guidelines.”
IntelBroker alleged that several agencies within Europol were impacted by the breach, including its European Cybercrime Centre (EC3), data sharing initiative the Europol Platform for Experts (EPE), the Law Enforcement Forum – which deals with financial crime – and electronic evidence platform SIRIUS.
The threat actor appears to be serious, asking for bidders to make an offer for the trove and demanding they pay only in the privacy-focused digital currency XMR. Only “reputable members” will be considered for the sale and proof of funds is required.
The threat actor apparently provided some screenshots of the EPE interface and a small sample of an EC3 database.
It’s unclear whether the data dump is legitimate, although several security industry professionals on X seem to think so. Infosecurity has reached out to Europol with a request for comment.
Read more on Europol security incidents: Europol Left Red-Faced After Terror Data Leak
However, the threat actor is well-known in cybercrime circles, having last month advertised for sale sensitive documents stolen from the Five Eyes intelligence community via US supply chain contractor Acuity.
In March 2023, they claimed to have personal data on 170,000 individuals including members of the US House of Representatives, after breaching health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).
In November that year, they advertised for sale sensitive information apparently stolen from industrial giant and US government contractor General Electric.
This isn’t the first time that Europol has suffered a data security scare. At the end of March it was reported that the policing organization lost highly sensitive HR files on some of its most senior officials.
Image credit: Tobias Arhelger / Shutterstock.com
