EU Commission Investigates Cloud Breach After Threat Actor Steals 350GB of Data
The European Commission is probing a security breach after a threat actor infiltrated its Amazon cloud infrastructure, gaining access to sensitive employee data. While the EU’s executive body has not publicly acknowledged the incident, sources confirmed to BleepingComputer that at least one account managing the compromised cloud environment was affected.
The attack was swiftly detected, prompting the Commission’s cybersecurity incident response team to launch an investigation. The threat actor, who claimed responsibility, told BleepingComputer they exfiltrated over 350GB of data including multiple databases and provided screenshots as proof of access to employee information and an internal email server. Unlike typical ransomware attacks, the actor stated they have no plans to extort the Commission but intend to leak the data online at a later date.
This breach follows a separate incident in January, when the Commission disclosed a hack of its mobile device management platform, linked to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software. Similar attacks targeted other European institutions, including Finland’s Valtori and the Dutch Data Protection Authority.
The incidents coincide with heightened cybersecurity concerns in the EU. In January, the Commission proposed new legislation to bolster defenses against state-backed cyber threats, while the Council of the European Union recently sanctioned three Chinese and Iranian firms for cyberattacks on critical infrastructure.
European Commission cybersecurity rating report: https://www.rankiteo.com/company/european-commission
"id": "EUR1774628727",
"linkid": "european-commission",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Employees',
'industry': 'Public Sector',
'location': 'European Union',
'name': 'European Commission',
'size': 'Large',
'type': 'Government Institution'}],
'attack_vector': 'Cloud Infrastructure Compromise',
'data_breach': {'data_exfiltration': 'Yes (350GB exfiltrated)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (employee data, internal '
'communications)',
'type_of_data_compromised': ['Databases',
'Employee information',
'Internal email server data']},
'description': 'The European Commission is investigating a security breach '
'after a threat actor infiltrated its Amazon cloud '
'infrastructure, gaining access to sensitive employee data. '
'The threat actor exfiltrated over 350GB of data, including '
'multiple databases and employee information, with plans to '
'leak it online.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to the '
'European Commission',
'data_compromised': '350GB of data, including databases and '
'employee information',
'identity_theft_risk': 'High (employee data exposed)',
'systems_affected': 'Amazon cloud infrastructure, internal email '
'server'},
'investigation_status': 'Ongoing',
'motivation': 'Data Exfiltration (Non-Ransomware)',
'ransomware': {'data_encryption': 'No',
'data_exfiltration': 'Yes',
'ransom_demanded': 'No',
'ransom_paid': 'No'},
'references': [{'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Limited public acknowledgment',
'incident_response_plan_activated': 'Yes'},
'title': 'EU Commission Cloud Breach: Threat Actor Steals 350GB of Data',
'type': 'Data Breach'}