Pierluigi Paganini April 03, 2024

Serious security breach hits EU police agency

A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer

The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files of top law enforcement officials, including Europol Executive Director Catherine De Bolle, went missing last summer.

The sensitive documents were in a secure storage room at Europol’s headquarters in The Hague. The European police launched an investigation, which is still ongoing, into the security breach.

“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” reads an internal agency note seen by POLITICO. When officials checked all the agency’s records, it discovered “additional missing files,” it added.

“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident,” the note, shared on its internal message board system and dated September 18, said.

EUROPOL notified the impacted individuals and the European Data Protection Supervisor (EDPS).

The disappearance of personal files of EUROPOL officials poses a serious risk to the impacted individuals and to the agency’s operations, including its investigations.

An unsettling aspect emerges from POLITICO’s report regarding the discovery by a citizen of some of the files in a public place in The Hague.

It is still unclear how long the files have been missing or which are the cause of the security breach.

The missed personnel files included those of Europol’s Executive Director De Bolle and three of her deputy directors, Jürgen Ebner, Andrei Lințǎ and Jean-Philippe Lecouffe.

Missed files include human resources files that contain a huge trove of sensitive information.

POLITICO reported that following the security breach, the agency head of Human Resources, Massimiliano Bettin, was placed on administrative leave.

“Europol’s sensitive hardcopy HR files are kept locked away in a safe, in a room that is limited to restricted personnel. Very few people know the code to the safe, one of the officials who had direct knowledge of the procedure said. It is unclear how the files were taken.” continues POLITICO.

POLITICO speculates that the files could have been taken to damage Bettin, citing internal conflicts within the agency.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, EUROPOL)