European Commission confirms data breach following cyberattack on Europa platform

The European Commission has confirmed a data breach involving its Europa.eu web platform after a cyberattack attributed to the ShinyHunters extortion group compromised at least one cloud-based account, exposing potentially sensitive data while leaving internal systems unaffected.

The European Commission, the executive branch of the European Union responsible for proposing legislation and implementing decisions, stated that the incident involved unauthorized access to externally hosted web services. The breach affected at least one Amazon Web Services account connected to the Europa platform, which hosts official EU websites and public-facing information.

Initial findings indicate that data was extracted from affected websites. The Commission has begun notifying European Union entities that may have been impacted and is continuing its investigation to determine the full scope of the incident. Officials confirmed that the attack did not disrupt any Europa websites and that containment measures were quickly implemented to prevent further data loss.

The Commission emphasized that its internal systems were not compromised. Ongoing monitoring and additional safeguards have been deployed to protect internal infrastructure and data, while a full analysis is underway to strengthen cybersecurity defenses.

The ShinyHunters group, known for conducting large-scale data extortion operations, has claimed responsibility for the breach. The group asserted that it exfiltrated more than 350 gigabytes of data, including databases and internal materials, before access was cut off. Evidence shared by the attackers indicates access to certain employee-related data.

The group has also listed the European Commission on its dark web leak site, alleging the theft of mail server data, databases, contracts, and other confidential documents. An archive exceeding 90 gigabytes of files has been released, purportedly originating from the compromised cloud environment.

ShinyHunters has been linked to a series of high-profile breaches in recent months, targeting organizations across multiple sectors. Some of these incidents have been associated with coordinated voice phishing campaigns aimed at compromising single sign-on accounts tied to major identity platforms.

The latest breach follows another security incident disclosed by the Commission in February, involving a compromised mobile device management platform used to oversee staff devices.