The European Commission has confirmed a major data breach following a cyberattack on its cloud-hosted websites, marking the second significant security incident for the institution this year. Hackers reportedly exfiltrated hundreds of gigabytes of sensitive information.
Cloud infrastructure compromised
The European Commission has reported a data breach after the cloud infrastructure hosting its Europa.eu platform websites was hacked. The incident, detected on March 24, affected at least one European Commission AWS account. The ransomware group ShinyHunters has claimed responsibility.
Commission representatives stated that the attack did not disrupt website operations, which continued normally. Internal systems were also unaffected, suggesting strong segmentation between public web services and the organisation’s core network.
“Preliminary investigation results indicate that data has been stolen from the websites. The Commission is currently notifying EU structures that may have been impacted. A full-scale investigation into the consequences of the attack is ongoing,” an official statement read.
Details of the breach remain scarce
However, the Commission provided almost no details about the attack: neither the type of data stolen, its volume, the initial access vector used by the attackers, nor the duration of their presence in the system. Amazon Web Services stressed that the incident was unrelated to the security of its services.
ShinyHunters told Bleeping Computer that they stole over 350GB of data from the European Commission, including several databases, before access was blocked. The hackers did not reveal how they infiltrated the system but shared screenshots with journalists showing access to Commission staff data and the organisation’s mail server.
The group has also added a post about the breach on its darknet site, claiming to have stolen “mail server dumps, databases, confidential documents, contracts, and other materials.” On the site, hackers published an archive of over 90GB, apparently obtained from the compromised cloud environment.
This is the second recent cybersecurity incident affecting the European Commission. Earlier this year, a compromise of its mobile device management (MDM) platform exposed the names and phone numbers of staff. That attack is believed to have exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), which also affected the Dutch Data Protection Authority and the Finnish state agency Valtori.
