On March 24, the European Commission identified a cyber incident impacting the cloud infrastructure that supports its Europa.eu websites. The attack was swiftly contained, mitigation measures were implemented, and no disruption to website availability was reported. Preliminary assessments indicate that some data may have been accessed, and potentially affected EU entities are currently being informed.
“Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident,” the European Commission said in a public statement. “The Commission’s services are still investigating the full impact of the incident.”
The European Union has launched an internal investigation to determine the scope and consequences of the breach. The Commission emphasized, however, that its internal systems were not compromised, significantly limiting the overall impact of the attack.
According to the Commission, monitoring efforts remain ongoing, and additional security measures are being reinforced. Officials stated that lessons learned from the incident will be used to further strengthen cybersecurity defenses, particularly as EU institutions continue to face persistent cyber and hybrid threats targeting critical services.
The incident was first reported by BleepingComputer, which cited claims that threat actors had breached one of the European Commission’s Amazon Web Services (AWS) accounts. The attackers allegedly exfiltrated hundreds of gigabytes of data, including databases, and shared screenshots as purported proof of access. The exact nature of the stolen data has not been disclosed.
“The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment,” BleepingComputer reported. “Although the incident has not yet been formally disclosed, the breach is believed to have affected at least one AWS account operated by the Commission.”
Amazon Web Services stated that it did not experience a security incident and confirmed that its infrastructure and services continued to operate normally.
While the European Commission has not released technical specifics, the attacker claimed responsibility for stealing more than 350 GB of data, including databases. Screenshots reportedly provided to BleepingComputer suggested access to employee‑related data and an email server. The initial attack vector remains unknown. The attacker stated that there is no immediate plan to extort the Commission but suggested the data could be released publicly at a later stage.
Separately, the European Commission disclosed an earlier cyber incident detected on January 30, targeting its mobile device management (MDM) system. The organization reported that no mobile devices were compromised and that the affected system was fully contained and cleaned within nine hours.
Although attackers may have accessed limited staff information—such as names and phone numbers—investigators confirmed that no devices were breached in that incident.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
