Security & Infrastructure Tools
European Commission confirms data breach after Europa.eu hack by ShinyHunters
European Commission confirmed a data breach after its Europa.eu platform was hacked by the ShinyHunters extortion gang, stealing over 350 GB of data from AWS accounts. The attack did not disrupt public websites but affected internal data, prompting investigations and security measures. ShinyHunters also released an archive of 90 GB of stolen files on their dark‑web leak site. The Commission is notifying affected EU entities and enhancing cybersecurity defenses amid ongoing investigations.
The European Commission has confirmed a data breach linked to its Europa.eu web platform, with the incident reportedly connected to a cyberattack claimed by the ShinyHunters extortion group. At least one of the Commission’s Amazon Web Services (AWS) accounts appears to have been affected. Officials say the attack did not disrupt Europa websites, and staff moved quickly to contain the incident and prevent further data theft.
Early findings from the ongoing investigation indicate that data were taken from some of the Commission’s online services. The Commission has begun notifying Union entities that may be affected and has emphasized that its internal systems were not compromised. Authorities say they will continue to monitor the situation and take all necessary steps to safeguard data and strengthen cybersecurity measures.
Details emerging from the attacker’s claims suggest that more than 350 GB of data were stolen before access was blocked, including multiple databases. While the perpetrators did not disclose exactly how they breached the Commission’s AWS accounts, they did provide screenshots showing access to data belonging to European Commission employees. In addition, ShinyHunters has added an entry for the European Commission to its dark web leak site, alleging the theft of “data dumps of mail servers, databases, confidential documents, contracts, and other sensitive material,” and releasing an archive of more than 90 GB of files said to come from the Commission’s compromised cloud environment.
The breach at the European Commission is not an isolated incident for the hacker group. ShinyHunters has in recent months claimed breaches at several other large organizations, including Infinite Campus, CarGurus, Canada Goose, Panera Bread, Betterment, SoundCloud, Pornhub, and the Match Group umbrella (which owns Tinder, Hinge, OkCupid, and Meetic, among others). Some of these breaches reportedly involved targeted campaigns designed to compromise single sign-on accounts through sophisticated phishing and vishing techniques, affecting Okta, Microsoft, and Google accounts across more than 100 organizations.
In a related development, the Commission disclosed a separate data breach in February after its mobile device management (MDM) platform, used to manage staff devices, was found breached. The confluence of these incidents comes amid the Commission’s contemplation of new cybersecurity legislation aimed at strengthening member states’ defenses against state-backed actors and organized cybercrime.
Together, the incidents underscore the persistent risk to cloud environments and public-sector networks. The Commission has stated that it will analyze the full scope and impact of the breach, using the findings to bolster its cybersecurity capabilities and prevent recurrence. As investigations continue, the emphasis remains on containment, notification, and fortifying defenses to safeguard sensitive data across EU institutions.
