111 views 59 secs 0 comments

Europol confirms web portal breach, says no operational data stolen

In Data Breach News, Europe, News
May 13, 2024
Europol confirms web portal breach, says no operational data stolen
A notice on the EPE subdomain of Europol says it is under maintenance. Image: DataBreachTimes.

Europol appears to have confirmed a breach first claimed by the threat actor known as IntelBroker, a moderator on BreachForums.

Top portion of listing on BreachForums by IntelBroker. Image: DataBreachTimes.com

IntelBroker’s listing, which was subsequently marked as “SOLD,” claimed to have breached Europol in May of this year, resulting in the exposure of “For Official Use Only” (FOUO) and classified data. The compromised data allegedly included:

Alliance employees, FOUO source code, PDFs, Documents for recon and guidelines.

List of agencies within Europol breached:

CCSE
Cryptocurrencies – EC3
Space – EC3
Europol Platform for Experts
Law Enforcement Form
SIRIUS

The remainder of the listing provided some proof of claims.

As Bleeping Computer reports, Europol has confirmed that there has been some breach, although it has not confirmed some of the specific claims:

EPE is an online platform law enforcement experts use to “share knowledge, best practices and non-personal data on crime.”

“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told BleepingComputer.

“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”

BleepingComputer also asked when the breach occurred and whether it is true FOUO and classified documents were stolen as claimed by the threat actor, but a response was not immediately available.