"Early November the OSCE became aware of a major information security incident," OSCE spokeswoman Mersiha Causevic Podzic told AFP via email.
The attack "compromis[ed] the confidentiality" of the OSCE's IT network and put "its integrity at risk", although the organisation was still able to operate, she said.
According to French daily Le Monde, which first reported the incident, a Western intelligence agency believes that Russian hackers group APT28 was behind the attack.
This group, also known as Pawn Storm, Sofacy and Fancy Bear, is believed to be behind other high-profile cyber attacks and to be linked to Russia's security services, Le Monde said.
The OSCE declined to comment on this, saying only that "the way in which the attacker accessed the OSCE was identified, as have some of the external communication destinations".
The Vienna-based OSCE has its origins in the Cold War but after 1991 the organisation expanded and now has 57 member states including the United States, Russia and Ukraine.
It currently has some 700 monitors keeping on the eye on the conflict in eastern Ukraine and is also active in monitoring elections and media freedom.