Security & Infrastructure Tools
European Commission Investigating Breach After Amazon Cloud Hack
European Commission is investigating a breach of its Amazon cloud infrastructure after a threat actor accessed at least one account used to manage the compromised system, stealing over 350 GB of data—including multiple databases—and planning to leak it later; the incident follows earlier breaches linked to Ivanti Endpoint Manager Mobile vulnerabilities and coincides with the EU’s push for stronger cybersecurity legislation and sanctions on Chinese and Iranian firms.
EU Commission investigating breach after Amazon cloud hack
The European Commission, the European Union’s executive arm, is probeing a security breach after a threat actor gained access to its Amazon cloud infrastructure. The incident affected at least one account used to manage the compromised cloud environment, and the Commission’s cybersecurity incident response team is conducting an in-depth investigation. The Commission has not publicly disclosed full details of the breach, but sources close to the matter say the intrusion was detected promptly and that investigators are now mapping the scope and pathways of the compromise.
The threat actor responsible for the intrusion claimed to have stolen more than 350 gigabytes of data, including several databases. They contacted BleepingComputer with claims of access to information belonging to European Commission employees and to an email server used by Commission personnel, and provided screenshots as proof. While the individual behind the breach indicated they do not intend to extort the Commission using the stolen material, they also stated that the data would be leaked online at a later date.
This incident follows a separate data breach disclosed by the Commission in February. On January 30, the Commission discovered that the mobile device management (MDM) platform used to oversee staff devices had been hacked. The January breach appears connected to a wider pattern of attacks targeting other European institutions, including the Dutch Data Protection Authority and Valtori—the Finnish Ministry of Finance’s government IT agency—where attackers exploited code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
The February breach and the January activity come amid ongoing discussions over Europe’s cybersecurity posture. On January 20, the Commission proposed new legislation intended to strengthen defenses against state-backed actors and organized cybercrime targeting critical infrastructure across the Union. The proposal reflects a broader EU effort to harden security for essential networks and data against evolving threats.
These incidents unfold at a time when the Council of the European Union has recently sanctioned three Chinese and Iranian companies for cyberattacks targeting critical infrastructure in member states, underscoring the geopolitical dimensions of digital security. While the Commission has not released a complete attribution or a full account of affected systems, investigators are coordinating with EU and member-state partners to assess damage and bolster defenses.
In the broader context, the European response to these breaches emphasizes the need for robust cloud security, resilient identity and access governance, and hardened mobile device management practices. As the investigation continues, officials reiterate the importance of rapid detection, comprehensive incident response, and cross-border collaboration to mitigate risks to Europe’s digital infrastructure. The situation remains fluid, with authorities pledging to provide updates as more information becomes available.