European Commission investigating breach of cloud systems - Updated

Attacker plans to publish data rather than extort the Commission

The European Commission is investigating a security incident involving part of its cloud infrastructure, after a threat actor claimed to have gained access to internal systems and exfiltrated data.

Update 30^th March 2026: The ShinyHunters threat group has claimed responsibility for the attack. It has added the Commission to its Tor data leak site. The European Commission has also released a statement.

The original story continues below:

According to Bleeping Computer the attacker is believed to have compromised at least one account used to manage the Commission’s cloud environment, potentially exposing employee information and internal services.

The Commission has not publicly confirmed any details, but sources familiar with the incident say it was detected quickly and is now being examined by the EC’s cyber incident response teams.

Computing understands that, although the incident involved data on Amazon infrastructure, AWS’ security was not itself compromised. A spokesperson told us, “AWS did not experience a security event, and our services operated as designed.”

The threat actor contacted Bleeping Computer directly and claimed to have stolen more than 350GB of data, including databases and internal files. They also shared screenshots as evidence of access. They apparently do not intend to extort the organisation, but plan to publish the data at a later date.

If confirmed, the incident would represent another high‑profile example of attackers targeting cloud management layers rather than exploiting vulnerabilities in underlying infrastructure.

Not an isolated incident

The news follows a separate breach disclosed earlier this year, in which the Commission said attackers accessed parts of its mobile device management environment. That campaign was linked to vulnerabilities in Ivanti Endpoint Manager Mobile software.

The February incident was part of a wider wave of attacks against European public sector organisations, including regulators and government agencies in multiple member states.

The alleged cloud breach comes at an awkward time for EU policymakers. The Commission has been pushing for stronger cyber resilience across Europe, while simultaneously increasing regulatory scrutiny of hyperscale cloud providers and raising questions about digital sovereignty and control over critical systems.