Public administration — named European institutions and government data in the firing line

The public sector again carried high-severity activity on multiple vectors. The Council of Europe — a Strasbourg human-rights body of which Switzerland is a member — was named in the ShinyHunters PeopleSoft campaign (§ 2). Iran-aligned Handala breached California Water Service through an internet-exposed RTKBase GNSS platform, leaking billing PII for ~2M customers though without OT access (SecurityWeek, 2026-06-14; daily 06-15). Texas Parks & Wildlife disclosed a third-party-vendor breach exposing 3.08M licence holders' names and driver's-licence numbers (BleepingComputer, 2026-06-18; daily 06-21). And the recurring lesson for CH/EU administration is the PTC Windchill emergency (§ 1), where the BSI's after-hours calls underline how government CERTs are now treating internet-exposed public-sector and industrial software.