The breach has brought back into focus an earlier Europol security incident reported in March which involved the disappearance of physical personal records belonging to Catherine De Bolle, Europol’s executive director, and other senior officials before September 2023.

Despite the agency’s assurances of minimal impact, questions are being raised about the security of data even within high-profile government agencies like the Europol.

“This incident shows hackers are few steps ahead even from Government and law enforcement sites,” said Pareekh Jain, chief analyst at Pareekh Consulting.“These law enforcement agencies need to up their security preparation with more collaboration from security tech companies, more ethical hacking, penetration testing, and bug bounties. Also, a collaboration between different state agencies like in the US, Europe, and Asia is required to keep these sophisticated hackers in check.”

Massive classified data compromise

IntelBroker described the data breached as containing classified information from within the FOUO section, including information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.

Additionally, the threat actor claimed to gain access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), an EPE portal community with “hundreds of cybercrime-related materials” used by over 6,000 authorized cybercrime experts from around the world.

The experts’ community includes law enforcement from EU Member States’ competent authorities as well as non-EU countries, judicial authorities, academic institutes, private companies, non-governmental and international organizations, and the Europol staff.