EU Commission Detects Cyberattack on Mobile Device Management Systems
On January 30, CERT-EU, the European Commission’s cybersecurity team, identified a cyberattack targeting the Commission’s IT infrastructure, specifically systems used for mobile device management. The incident was swiftly contained, with affected systems restored within nine hours.
While no mobile devices were compromised, CERT-EU confirmed that hackers may have accessed personal data of some European Commission staff, including names and phone numbers. The agency is conducting a full review to strengthen cybersecurity measures and prevent future breaches.
The European Commission emphasized its commitment to securing internal systems, framing the response as part of a broader EU initiative to bolster cybersecurity across all institutions. This effort aligns with the recently introduced Cybersecurity Package, announced on January 20, aimed at enhancing resilience against growing cyber and hybrid threats targeting critical services and democratic institutions.
The incident follows recent cybersecurity breaches affecting other European entities, including the European Space Agency and major firms targeted by access system vulnerabilities.
Source: https://www.securityweek.com/european-commission-investigating-cyberattack/
European Commission cybersecurity rating report: https://www.rankiteo.com/company/european-commission
"id": "EUR1770630855",
"linkid": "european-commission",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'European Commission staff',
'industry': 'Public Sector',
'location': 'European Union',
'name': 'European Commission',
'type': 'Government'}],
'data_breach': {'personally_identifiable_information': 'Names and phone '
'numbers',
'sensitivity_of_data': 'Names and phone numbers',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2024-01-30',
'date_publicly_disclosed': '2024-01-30',
'description': 'CERT-EU detected a cyberattack targeting the European '
'Commission’s IT infrastructure, specifically systems used for '
'mobile device management. The incident was contained, and '
'affected systems were restored within nine hours. Hackers may '
'have accessed personal data of some European Commission '
'staff, including names and phone numbers.',
'impact': {'data_compromised': 'Personal data of some European Commission '
'staff, including names and phone numbers',
'downtime': '9 hours',
'identity_theft_risk': 'Potential risk due to exposure of personal '
'data',
'operational_impact': 'Systems restored within nine hours',
'systems_affected': 'Mobile device management systems'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Need to strengthen cybersecurity measures to prevent '
'future breaches',
'post_incident_analysis': {'corrective_actions': 'Full review to strengthen '
'cybersecurity measures'},
'recommendations': 'Enhance resilience against growing cyber and hybrid '
'threats targeting critical services and democratic '
'institutions',
'references': [{'source': 'CERT-EU'}],
'response': {'containment_measures': 'Incident swiftly contained',
'enhanced_monitoring': 'Full review to strengthen cybersecurity '
'measures',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Systems restored within nine hours',
'remediation_measures': 'Affected systems restored'},
'stakeholder_advisories': 'Commitment to securing internal systems as part of '
'broader EU cybersecurity initiatives',
'title': 'Cyberattack on EU Commission Mobile Device Management Systems',
'type': 'Cyberattack'}