European Commission Cyberattack Compromises AWS Cloud Infrastructure
Severity: High (Score: 62.5)
Sources: Computing, Rss.Slashdot, Kurzy.Cz, Cybersecuritynews, Techbuzz.Ai
Summary
The European Commission confirmed a cyberattack on March 24, 2026, affecting its cloud infrastructure on the Europa.eu platform. Hackers claimed to have stolen over 350GB of data, including sensitive information related to Commission employees and internal databases. The breach was reportedly facilitated through the compromise of at least one Amazon Web Services (AWS) account. The Commission's internal systems were not affected, and immediate containment measures were implemented to mitigate risks. The attackers have stated they will leak the stolen data rather than extort the Commission. This incident follows a previous breach in January 2026, which exposed employee data through vulnerabilities in mobile device management systems. The full scope of the stolen data and the method of breach remain under investigation. Key Points: • Over 350GB of data stolen from the European Commission's AWS cloud infrastructure. • The attack was detected quickly, with no impact on internal systems reported. • The hackers plan to leak the stolen data instead of seeking ransom.
Key Entities
- Data Breach (attack_type)
- Phishing (attack_type)
- Council Of The European Union (company)
- Dutch Data Protection Authority (company)
- European Commission (company)
- Valtori (company)
- Finland (country)
- europa.eu (domain)
- europea.eu (domain)
- investing.com (domain)
- Government (industry)
- Telecommunications (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1078 - Valid Accounts (mitre_attack)
- T1566 - Phishing (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- Amazon Cloud Infrastructure (platform)
- AWS Identity Center (platform)
- Europa.eu Platform (platform)
- Microsoft Entra ID (platform)