A hacker group known as IntelBroker has breached Europol’s web portal, stealing sensitive data such as classified documents, internal emails [1], employee resume data [1], and personal information of cybercrime experts [3] [6].


The breach targeted several Europol systems [6], including the Europol Platform for Experts (EPE) and the SIRIUS platform used by judicial and law enforcement authorities [3] [6]. Europol has confirmed the incident and stated that no operational data was compromised [1]. The compromised data also includes information from the European Cybercrime Centre and other organizations within Europol [1]. IntelBroker is demanding payment in the privacy-focused digital currency XMR from potential bidders. Security industry professionals believe the data dump may be legitimate [2], although Europol has not yet confirmed this [2]. IntelBroker has a history of selling sensitive information stolen from various organizations [2], including the Five Eyes intelligence community and General Electric [2]. This incident adds to previous data security scares at Europol [2], including the loss of highly sensitive HR files on senior officials [2]. The breach, claimed by threat actor IntelBroker [7], involves stolen “For Office Use Only” documents [7]. Europol has confirmed the breach but stated that core operations remain unaffected [7]. The compromised portal does not contain critical operational data [7], and Europol is investigating the incident [7]. The breach has raised concerns about data security within high-profile government agencies [7]. IntelBroker has also claimed access to EC3 SPACE [7], a portal community with cybercrime-related materials used by over 6,000 authorized experts [7]. The threat actor is offering the stolen data for sale in exchange for XMR cryptocurrency [7]. The breach has affected multiple international law enforcement and judicial authorities [5], with over 6,000 cybercrime experts worldwide potentially impacted by the stolen data. IntelBroker is actively selling the stolen data on hacking forums [5], requiring payments in Monero (XMR) [5]. This breach could be connected to previous data leaks involving Five Eyes intelligence and other US government entities [5]. The data includes personal information of alliance employees [4], source code marked as FOUO [4], operational documents [1] [3] [4] [6], and a list of specific agencies compromised [4]. The breach could pose severe risks to ongoing operations and personal security [4]. Europol has not issued a formal statement regarding the breach [4]. IntelBroker has conducted numerous high-profile data breaches in the past [4], targeting critical infrastructure in the United States and other organizations [4]. Most recently [4], the hacker claimed to have hacked Zscaler [4].


The breach by IntelBroker on Europol’s web portal has significant implications for data security within high-profile government agencies. The stolen data [3] [5] [7], including classified documents and personal information [3] [6], poses risks to ongoing operations and personal security [4]. Europol’s investigation and potential mitigations are crucial in addressing the breach and preventing future incidents. The breach highlights the importance of robust cybersecurity measures in protecting sensitive information from threat actors like IntelBroker.


[1] https://www.darkreading.com/cyberattacks-data-breaches/intelbroker-nabs-europol-info-agency-investigating
[2] https://www.infosecurity-magazine.com/news/threat-actor-europol-data-breach/
[3] https://hipther.com/cybersecurity/2024/05/13/68489/notorious-hacker-intelbroker-claims-that-europol-has-suffered-a-data-breach/0/
[4] https://www.hackread.com/europol-hacked-intelbroker-claims-data-breach/
[5] https://news.cloudsek.com/2024/05/intelbroker-strikes-again-security-breach-at-europol-raises-alarm-across-international-law-enforcement/
[6] https://cybersecuritynews.com/intelbroker-claims-europol-data-breach/
[7] https://www.csoonline.com/article/2104251/intelbroker-steals-classified-data-from-the-europol-website.html