{"id":16015,"date":"2026-03-27T21:17:35","date_gmt":"2026-03-27T21:17:35","guid":{"rendered":"https:\/\/newestek.com\/?p=16015"},"modified":"2026-03-27T21:17:35","modified_gmt":"2026-03-27T21:17:35","slug":"european-commission-data-stolen-in-a-cyberattack-on-the-infrastructure-hosting-its-web-sites","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16015","title":{"rendered":"European Commission data stolen in a cyberattack on the infrastructure hosting its web sites"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week.<\/p>\n

On Thursday, the Commission revealed there had been an attack<\/a> on its Europa.eu platform, offering few details, then, on Friday, security news site Bleeping Computer reported<\/a> that the attack had involved the compromise of an account or accounts on Amazon Web Services (AWS).<\/p>\n

The news site said an unnamed threat actor who claimed responsibility told it that they had stolen over 350GB of Commission data, and had shown the reporter several screenshots as evidence.<\/p>\n

The hacker also said they will leak the data, rather than try to extort the Commission.<\/p>\n

CSO asked a spokesperson for the Commission for comment, but no reply was received by our deadline.<\/p>\n

For its part, Amazon said, \u201cAWS did not experience a security event, and our services operated as designed.\u201d<\/p>\n

The Commission said the Europa websites remain available, and that its \u201cswift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data.\u201d Its internal systems weren\u2019t affected by the attack, the statement added.<\/p>\n

The incident comes after the Commission revealed on January 30 <\/a>that its central infrastructure for managing mobile devices had \u201cidentified traces of a cyber attack\u201d which may have exposed names and mobile number of some staff.<\/p>\n

IAM is hard<\/h2>\n

The lack of information about the attack makes it hard for security industry experts to comment. For one thing, it\u2019s unknown how the breach of security controls happened: Did the threat actor take advantage of an unpatched software or hardware vulnerability, find a zero day, or did an employee fall for a phishing attack?<\/p>\n

\u201cThere is very little info out,\u201d said Kellman Meghu<\/a>, chief technology officer of Canadian incident response firm DeepCove Cybersecurity, \u201cbut this does sound bad. This is why I force all my users to use AWS Identity Center sign on. No IAM-generated keys, and admin accounts are only activated through a \u2018break glass\u2019 strategy, where two people are needed to authenticate.\u201d<\/p>\n

By \u201cbreak glass\u201d strategy, Meghu said he meant that the AWS root\/admin account that controls all of an organization\u2019s cloud infrastructure is stored outside of AWS on a system that requires authorization from both the CEO and CTO, via credentials and hardware tokens. This access generates an alert, so if there was an unauthorized attempt to sign in, the CEO and CTO would know.<\/p>\n

\u201cI personally live in constant fear of this sort of thing happening\u201d he said. \u201cI create multiple separate AWS accounts using the AWS Organizations feature so accounts are completely isolated from each other. For example, there can be a \u2018dev ORG\u2019 for testing with no real data, and a \u2018uat ORG\u2019 for user testing with some data, and a \u2018prod ORG\u2019 where no one is allowed. You can also break things down so different application types get their own Organizations, which limits lateral movement. Azure has similar setup and options, which are called Tenants.<\/p>\n

\u201cThe reality is, identity access management (IAM) is hard, and not just in AWS,\u201d he added. \u201c[It\u2019s] the same challenge with all infrastructure. [Microsoft] Entra ID scares me just as much. How do we guarantee the authorized person has legitimate access? It only takes one mistake.\u201d<\/p>\n

A \u2018grim warning\u2019<\/h2>\n

Ilia Kolochenko<\/a>, CEO of Swiss-based ImmuniWeb, said that while the attack \u201cmay appear to be pretty banal on its face, there are several things to pay attention to.\u201d<\/p>\n

Referring to the Bleeping Computer report, he said that, given that the attackers allegedly plan to release the data, their key intention here is to visibly hurt and to cause reputational damage.<\/p>\n

\u201cThe attackers behind are either hacktivists or cyber mercenaries hired by a nation state,\u201d he concluded. \u201cIn view of the geopolitical turbulence around the globe, such attacks will probably surge in 2026. The problem is that in such cases, attackers rarely consider their costs and may persistently invest time and efforts in sophisticated hacking campaigns against the most protected organizations. Organizations should urgently prepare themselves for an avalanche of politically motivated attacks with highly destructive consequences this year.\u201d<\/p>\n

Combined with the previous history of similar incidents impacting the European Commission and other EU bodies, this incident \u201cis a grim warning that the European regulation of cybersecurity, that some experts perceive as excessive and unnecessarily complicated, is not a panacea against data breaches,\u201d he added. \u201cWhilst cloud data breaches are quite widespread, and have already affected thousands of large organizations in 2026, this incident may be leveraged by the opponents of further overregulation of the European data protection landscape.\u201d<\/p>\n

Kolochenko also said that European companies may utilize this incident to promote digital sovereignty and \u201cEU-made\u201d cloud. \u201cWhile data storage in Europe, under management of European cloud providers, will quite unlikely make any material change of cloud security landscape, some organizations may be tempted leave American vendors in favor of their European competitors,\u201d he said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week. On Thursday, the Commission revealed there had been an attack on its Europa.eu platform, offering few details, then, on Friday, security news site Bleeping Computer reported that the attack had involved the compromise of an account or accounts on Amazon Web Services (AWS). The news site said… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16015","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16015"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16015\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}