A major data breach affecting European Union systems has exposed emails, user data, and internal records after hackers gained access to cloud infrastructure used by the European Commission.
According to a report by the EU’s cybersecurity team CERT EU, attackers stole around 92GB of compressed data from a compromised Amazon Web Services account linked to the Commission’s Europa.eu platform. The platform hosts websites and services used by multiple EU institutions.
The stolen data includes names, email addresses, and email content, raising concerns about both internal communications and personal data exposure. Investigators said at least 29 EU entities may have been affected, along with dozens of internal Commission users whose data was stored in the system.
The breach originated from a supply chain compromise. Attackers first targeted an open source security tool and used it to obtain a secret API key. They then used this key to access the Commission’s cloud environment and extract stored data.
After the intrusion, the stolen data was published online by the hacking group ShinyHunters, which has a history of large scale data leaks involving corporate and government systems.
Earlier reports indicate that the total volume of stolen data may be significantly higher. The attackers have claimed to possess more than 350GB of data, including databases, documents, and email backups, although the full scope remains under investigation.
The European Commission confirmed that the breach affected its cloud hosted web infrastructure but stated that internal systems were not compromised. Authorities have begun notifying affected entities while continuing forensic analysis to determine the exact extent of the exposure.
You can check out the complete report here.
