Leak at Europa (European Commission)
In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities — names, emails, email content and documents — was exfiltrated and leaked by ShinyHunters.
- Victim
- Europa (European Commission)
On 24 March 2026, the European Commission — the EU's executive body, whose public websites run on the shared Europa.eu hosting platform — detected a breach of part of its cloud infrastructure. The compromise originated upstream: on 19 March, attackers obtained an Amazon Web Services (AWS) secret key through the Trivy supply-chain compromise (attributed to the threat actor TeamPCP). That key gave control over an AWS account that powers a large portion of the Commission's public-facing web systems.
Using the stolen credentials, the attackers exfiltrated roughly 91.7 GB of compressed data (about 340 GB uncompressed) drawn from the web-hosting environment. The dataset affected dozens of client services — around 42 internal Commission entities and at least 29 other EU bodies hosted on the same platform. On 28 March 2026, the data-extortion group ShinyHunters published the stolen data on its dark-web leak site.
Exposed data categories included:
- Names, surnames, usernames and email addresses
- Email communications (roughly 51,992 files / 2.22 GB of email content and notifications)
- Database records and user-submitted form data from hosted websites
- Confidential documents and contracts
The Commission stated that its internal systems were not touched and that the impact was limited to the public web-hosting infrastructure. In response, the compromised AWS credentials were revoked and the attacker's access disabled, while CERT-EU and the affected entities continued analysing the exposed databases. The incident was disclosed publicly via Commission press release on 27 March 2026.
Sources
- ec.europa.euhttps://ec.europa.eu/commission/presscorner/detail/fr/ip_26_748
- next.inkhttps://next.ink/brief_article/nouvelle-fuite-de-donnees-a-la-commission-europeenne/
- cyberattaque.orghttps://www.cyberattaque.org/commission-europeenne-917-go-de-donnees-voles-apres-une-cyberattaque-sur-aws/
- ec.europa.euhttps://ec.europa.eu/commission/presscorner/detail/fr/ip_26_342
- cert.europa.euhttps://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/
- securityaffairs.comhttps://securityaffairs.com/190333/security/european-commission-breach-exposed-data-of-30-eu-entities-cert-eu-says.html