A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month.
“IntelBroker” took to hacking site BreachForums on Friday to advertise their wares.
“In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use only] and classified data,” they wrote in a post to the site screenshotted on X (formerly Twitter). “Compromised data: Alliance employees, FOUO source code, PDFs, documents for recon and guidelines.”
IntelBroker alleged that several agencies within Europol were impacted by the breach, including its European Cybercrime Centre (EC3), data sharing initiative the Europol Platform for Experts (EPE), the Law Enforcement Forum – which deals with financial crime – and electronic evidence platform SIRIUS.
The threat actor appears to be serious, asking for bidders to make an offer for the trove and demanding they pay only in the privacy-focused digital currency XMR. Only “reputable members” will be considered for the sale and proof of funds is required.
The threat actor apparently provided some screenshots of the EPE interface and a small sample of an EC3 database.
It’s unclear whether the data dump is legitimate, although several security industry professionals on X seem to think so.
Europol told Infosecurity in a statement that it is “is aware of the incident and is assessing the situation.”
It added that the incident concerns only an EPE “closed user group” and that no operational information is processed in this application.
“No core systems of Europol are affected and therefore, no operational data from Europol has been compromised,” it noted, adding that “initial actions have already been taken” in response.
Read more on Europol security incidents: Europol Left Red-Faced After Terror Data Leak
However, the threat actor is well-known in cybercrime circles, having last month advertised for sale sensitive documents stolen from the Five Eyes intelligence community via US supply chain contractor Acuity.
In March 2023, they claimed to have personal data on 170,000 individuals including members of the US House of Representatives, after breaching health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).
In November that year, they advertised for sale sensitive information apparently stolen from industrial giant and US government contractor General Electric.
This isn’t the first time that Europol has suffered a data security scare. At the end of March it was reported that the policing organization lost highly sensitive HR files on some of its most senior officials.
This article was updated on May 14 with a Europol statement.
Image credit: Tobias Arhelger / Shutterstock.com