European Commission knocked offline by major DDoS attack

But no data breach has occurred, claims the Commission

Another large-scale distributed denial of service (DDoS) attack has hit a major organisation, this time bringing down the European Commission. The Commission was attacked on Thursday, bringing internet access to a halt for staff for hours.

The Commission confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breached was experienced.

"No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."

While the Commission remained vague on the attack, which began at 3pm on Thursday, one loose-lipped staffer said that: "No one could work this afternoon, since the internet was gone twice, for several hours." The Commission's website was also taken down.

The Commission's IT services sent an email to staff around 6pm. which described the attack as a "denial of service … which resulted in the saturation of our internet connection."

The team were still fending off the attack late into the evening, Politico notes, but a source at the Commission's DIGIT team has since said the situation is under control.

It's unclear why the EC was targeted, and the group of hackers who launched the attacks is not yet known. However, the Commision claims that it has already started an investigation and will share more information at a later time.

The attack comes just a week after Akamai warned that denial-of-service (DDoS) "mega-attacks" are on the rise have the potential to cause major problems.

The content delivery firm said in its third quarter report that while the overall number of DDoS attacks didn't increase during 2016, the size and severity of the attacks did.

This was aided by the number of insecure Internet of Things (IoT) devices in circulation which have subsequently been compromised and used in DDoS attacks, such as that on internet performance outfit Dyn.

Akamai suggested that the number of DDoS attacks in excess of 100Gbps increased from 12 to 19 between the second quarter and third quarters, while there were only eight in the third quarter of last year.