Europol, the European Union’s law enforcement agency, has confirmed a security breach on its web portal, although it asserts that no operational data was compromised.
The breach has been attributed to the notorious hacker group IntelBroker, which alleges to have pilfered sensitive data, including classified documents, during the incident.
IntelBroker claims the breach occurred in May 2024 and affected several Europol systems, notably the Europol Platform for Experts (EPE), a platform utilized by law enforcement professionals for knowledge exchange.
The hacker group asserts access to “For Official Use Only” (FOUO) source code, documents, and a database containing personal information of cybercrime experts.
Additionally, IntelBroker alleges compromising the SIRIUS platform, utilized by judicial and law enforcement authorities across 47 countries for accessing electronic evidence in criminal investigations.
The group is reportedly offering to sell the purportedly stolen Europol data and demanding payment in Monero cryptocurrency.
Europol has responded to the incident, acknowledging awareness and initial actions taken, while clarifying that no operational data from Europol has been compromised. They specify the breach’s limitation to a Europol Platform for Expert (EPE) closed user group, with no impact on core Europol systems.
However, this incident is not the first security breach concerning the EU police agency. In September 2023, sensitive personnel files, including those of Europol’s executive director Catherine De Bolle, were reportedly missing, indicating a significant security and personal data breach.
IntelBroker, operational since December, has previously claimed responsibility for breaches and data leaks involving various U.S. government agencies and a major unnamed cybersecurity company, purportedly Zscaler.
The latest claim by IntelBroker regarding the Europol breach underscores the persistent challenges in safeguarding sensitive law enforcement data from increasingly sophisticated cyber threats.
Source: cybersecuritynews.com
