European Space Agency: ESA Says Data Breach Was Limited to Servers with Unclassified Documents

ESA Confirms Limited Data Breach Affecting Science Servers

The European Space Agency (ESA) has acknowledged a data breach affecting a small number of its science servers, following reports of stolen data being offered for sale online. On 26 December, a hacker using the alias “888” claimed to have compromised over 200 gigabytes of ESA data, including proprietary source code, project documentation, API tokens, and hardcoded credentials.

In a statement issued on 29 December, ESA confirmed awareness of the allegations and launched a forensic investigation. By 30 December, the agency reported that the breach appeared to impact only a “very limited number of science servers,” which operate outside its corporate network. These servers support unclassified collaborative engineering projects within the scientific community.

ESA described the incident as having a “limited” impact, noting that affected stakeholders had been notified and short-term remediation measures were implemented. The agency continues its forensic analysis and has indicated further updates will follow as the investigation progresses.

Source: https://europeanspaceflight.com/esa-says-data-breach-was-limited-to-servers-with-unclassified-documents/

European Space Agency - ESA cybersecurity rating report: https://www.rankiteo.com/company/european-space-agency

"id": "EUR1767094956",
"linkid": "european-space-agency",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Aerospace/Defense',
                        'location': 'Europe',
                        'name': 'European Space Agency (ESA)',
                        'type': 'Government Agency'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Source code for proprietary '
                                              'software',
                                              'Sensitive project documentation',
                                              'API tokens',
                                              'Hardcoded credentials']},
 'date_detected': '2023-12-26',
 'date_publicly_disclosed': '2023-12-29',
 'description': 'The European Space Agency (ESA) confirmed a data breach '
                'affecting a limited number of science servers outside its '
                "corporate network. A hacker using the alias '888' claimed to "
                'have compromised over 200GB of data, including source code, '
                'project documentation, API tokens, and hardcoded credentials.',
 'impact': {'data_compromised': 'Over 200GB of data',
            'systems_affected': 'Limited number of science servers outside the '
                                'ESA corporate network'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Data offered for sale'},
 'investigation_status': 'Ongoing',
 'references': [{'date_accessed': '2023-12-30',
                 'source': 'ESA Initial Statement'},
                {'date_accessed': '2023-12-26',
                 'source': 'Hacker Listing on X'}],
 'response': {'communication_strategy': 'Public statement issued; stakeholders '
                                        'notified',
              'containment_measures': 'Short-term remediation measures '
                                      'implemented to secure potentially '
                                      'affected devices'},
 'stakeholder_advisories': 'Relevant stakeholders notified',
 'threat_actor': "Hacker alias '888'",
 'title': 'European Space Agency (ESA) Data Breach',
 'type': 'Data Breach'}