← Back
European Commission Reports Hack and Data Breach
Policy
Security
Technology
Strategy
International
🛡️
CVE Intelligence
Loading CVE data...
The European Commission reported a data breach following the compromise of the cloud infrastructure hosting the Europa[.]eu platform websites. The incident was discovered back on March 24, and the attack affected at least one EC AWS account. The extortion group ShinyHunters has claimed responsibility for the incident.
According to representatives of the European Commission, the attack did not disrupt the operation of the websites, and they continued to function as normal. The organization’s internal systems were also not affected, which may indicate good segmentation between the public web services and the organization’s core network.
“Preliminary findings of the investigation indicate that data was stolen from the websites. The Commission is currently notifying EU bodies that may have been affected by the incident. The investigation into the full extent of the consequences of the [attack] is ongoing,” the official statement says.
At the same time, the European Commission disclosed virtually no details about the attack: neither the type of data stolen, nor its volume, nor the attackers’ initial access vector, nor the duration of their presence in the system. Amazon Web Services, for its part, emphasized that the incident was not related to the security of its services.
Representatives of the ShinyHunters group told Bleeping Computer that they stole more than 350 GB of data from the European Commission, including several databases, before their access was blocked. The hackers are not disclosing how they infiltrated the system, but they provided journalists with screenshots confirming that they had gained access to European Commission staff data and the organization’s mail server.
The group has also added an entry about the European Commission hack to its site on the dark web, claiming the theft of “mail server dumps, databases, confidential documents, contracts, and other materials.” On the site, the hackers published an archive of more than 90 GB, presumably obtained from a compromised cloud environment.
It’s worth noting that this is already the second information security incident for the European Commission in a short period of time. Earlier this year, it became known that its mobile device management (MDM) platform had been compromised, allowing attackers to gain access to employees’ names and phone numbers. This attack was reportedly linked to the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), which also affected the Dutch Data Protection Authority and the Finnish government agency Valtori.
According to representatives of the European Commission, the attack did not disrupt the operation of the websites, and they continued to function as normal. The organization’s internal systems were also not affected, which may indicate good segmentation between the public web services and the organization’s core network.
“Preliminary findings of the investigation indicate that data was stolen from the websites. The Commission is currently notifying EU bodies that may have been affected by the incident. The investigation into the full extent of the consequences of the [attack] is ongoing,” the official statement says.
At the same time, the European Commission disclosed virtually no details about the attack: neither the type of data stolen, nor its volume, nor the attackers’ initial access vector, nor the duration of their presence in the system. Amazon Web Services, for its part, emphasized that the incident was not related to the security of its services.
Representatives of the ShinyHunters group told Bleeping Computer that they stole more than 350 GB of data from the European Commission, including several databases, before their access was blocked. The hackers are not disclosing how they infiltrated the system, but they provided journalists with screenshots confirming that they had gained access to European Commission staff data and the organization’s mail server.
The group has also added an entry about the European Commission hack to its site on the dark web, claiming the theft of “mail server dumps, databases, confidential documents, contracts, and other materials.” On the site, the hackers published an archive of more than 90 GB, presumably obtained from a compromised cloud environment.
It’s worth noting that this is already the second information security incident for the European Commission in a short period of time. Earlier this year, it became known that its mobile device management (MDM) platform had been compromised, allowing attackers to gain access to employees’ names and phone numbers. This attack was reportedly linked to the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), which also affected the Dutch Data Protection Authority and the Finnish government agency Valtori.