The European Commission is reportedly the victim of a data breach claimed by the cybercrime group ShinyHunters, which alleges that stolen data includes material from mail servers and internal communications systems.
The group has listed the European Commission on its Tor‑based data leak site, asserting that it exfiltrated more than 350 GB of data. According to the claims, the compromised information may include mail server data dumps, databases, confidential documents, contracts, and other sensitive internal materials.
On March 24, the European Commission disclosed that it had identified a cyberattack impacting the cloud infrastructure supporting its Europa.eu websites. The incident was rapidly contained, mitigation measures were deployed, and no disruption to website availability occurred. Preliminary assessments indicated that some data may have been accessed, prompting notifications to potentially affected EU entities.
“Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident,” the European Commission said in a press release. “The Commission’s services are still investigating the full impact of the incident.”
The European Union has since launched a formal investigation to assess the scope and consequences of the breach. The Commission emphasized that its internal systems were not compromised, which helped limit the overall impact of the incident.
Officials stated that the situation remains under close monitoring and that additional protective measures are being reinforced. The Commission also noted that insights gained from the incident will be used to strengthen cybersecurity defenses, as EU institutions continue to face persistent cyber and hybrid threats aimed at critical services and organizations.
The incident was first reported by BleepingComputer, which cited claims that threat actors accessed one of the European Commission’s Amazon Web Services (AWS) accounts. The attackers allegedly stole hundreds of gigabytes of data, including databases, and shared screenshots as purported evidence of the breach. The exact nature of the stolen data has not been confirmed. AWS stated that it did not experience a security incident and that its services operated as expected.
At this time, the attack vector used to gain access remains unknown.
Separately, on January 30, the European Commission disclosed another cyber incident involving its mobile device management system. While attackers may have accessed limited staff information such as names and phone numbers, no mobile devices were compromised. The affected system was fully contained and remediated within nine hours.
ShinyHunters has recently targeted several high‑profile organizations, leaking data when extortion attempts were unsuccessful. Known victims include Odido, Figure, Canada Goose, and SoundCloud. The group primarily relies on social engineering tactics particularly voice phishing to obtain credentials and gain unauthorized access to SaaS platforms such as Salesforce, Okta, and Microsoft 365.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
