Europol is investigating a cybercriminal's claims that they stole confidential data from a number of the agency's sources.

Among the sources referenced by the cybercriminal, the Europol Platform for Experts (EPE) is confirmed to be the main subject of the incident and has remained down for maintenance since May 10.

The event hasn't been acknowledged as a break-in to the systems, although the European Union's crimefighting agency hasn't explicitly denied the legitimacy of the claims.

"Europol is aware of the incident and is assessing the situation," a spokesperson told The Register. "Initial actions have already been taken.

"The incident concerns a Europol Platform for Experts closed user group. No operational information is processed on this EPE application.

"No core systems of Europol are affected and therefore, no operational data from Europol has been compromised."

The miscreant claiming responsibility for the attack operates using the IntelBroker moniker and also recently boasted of an attack on security shop Zscaler, which later took a test environment offline per its investigations. An employee at Zscaler also attempted to quash any speculation about a break-in on social media.

The cybercrim previously bragged about their role in the theft of data belonging to the Pentagon and other national security agencies last month.

IntelBroker claimed to have accessed Europol data designated as classified and for official use only (FOUO), including source code, alliance employees, and "documents for recon."

As well as EPE, they claim to have broken into the cryptocurrency and space divisions of Europol's European Cybercrime Centre (EC3), the Partnership on Climate Change and Sustainable Energy (CCSE), and the SIRIUS project.

IntelBroker provided a sample of data in its forum post to "prove" the authenticity of the break-in and theft to prospective buyers. Included in the sample were what appeared to be screenshots of the EPE platform from the perspective of an authenticated user in the EC3 space.

Additionally, images appeared to show IntelBroker accessing EPE discussions between law enforcement and SIRIUS officers about requesting sensitive data from social media platforms.

The SIRIUS project is funded by the EU and aims to provide investigators with the resources to more efficiently carry out cross-border data requests from other authorities and service providers, such as social media platforms.

Investigators are also able to share their experiences about specific requests, as well as updated details for different service providers about the best point of contact for requesting data, for example. This was the case with the leaked samples, which showed law enforcement officials discussing how to obtain information from Telegram.

Rounding off the sample of data leaked by IntelBroker is a sprawling list of data on users of the EC3 secure messaging feature of the EPE platform. The data includes full names, job titles, employers, locations by country, and areas of expertise.

The Register asked Europol for additional information about the incident but it didn't respond.

IntelBroker has updated the post to claim the data is now sold. A price wasn't explicitly set for the data but the criminal invited offers via direct message on BreachForums, and accepted Monero only. 

System break-ins across the EU

The incident at Europol came just a few weeks after the European Parliament announced to its staff that data from its PEOPLE recruitment app had been exposed.

PEOPLE, which is based in Luxembourg, is largely used to recruit temporary staff such as interns, contractors, consultants, and assistants.

Kristian Knudsen, director-general for personnel at the European Parliament, told staff that their data may have been exposed following an attack at the beginning of the year, according to a memo seen by Euractiv.

Staff were encouraged to change their passwords and inform their family and friends of the issue so they don't get caught up in any potential scams that may come as a result of criminals peddling their data. ®

https://www.theregister.com//2024/05/13/europol_data_breach/