The European Union cybersecurity team CERT EU has disclosed details of a significant data breach involving the Commission’s Europa.eu platform, where attackers managed to extract approximately 92 GB of compressed data from a compromised Amazon Web Services account. The platform is widely used to host websites and digital services for various European institutions, making the scope of the incident particularly concerning for both internal operations and public-facing systems.
According to the report, the stolen data includes names, email addresses, and email content. This has raised serious concerns regarding the exposure of internal communications as well as the potential misuse of personal information belonging to individuals connected with European institutions. Investigators noted that at least 29 European institutions were affected by the breach, indicating that the incident extended beyond a single department or system. In addition to institutional data, information belonging to dozens of internal users within the Commission was also identified within the compromised dataset, further highlighting the depth of the intrusion.
The attack was carried out through what has been described as a supply chain compromise. Rather than directly targeting the Commission’s infrastructure, the attackers initially focused on an open source security tool that was part of the broader ecosystem supporting the platform. Through this method, they were able to obtain a secret API key, which then served as a gateway into the Commission’s cloud environment. Using this key, the attackers accessed the AWS account associated with Europa.eu and proceeded to extract large volumes of data without immediate detection. This method underscores the growing risks associated with third party dependencies and the importance of securing not only primary systems but also the tools and services integrated into them.
Following the breach, the stolen data was published online by the hacking group known as Shiny Hunters. The group has previously been linked to several high profile data incidents involving major organizations, often releasing or selling compromised datasets on underground forums. The publication of this data has amplified concerns about how the information may be used, particularly in phishing campaigns or other forms of cyber exploitation targeting individuals whose details were exposed.
CERT EU’s findings highlight ongoing challenges in managing cloud security and safeguarding interconnected systems within large institutional frameworks. The incident also draws attention to the evolving tactics used by threat actors, especially the increasing reliance on indirect entry points such as supply chain vulnerabilities. As investigations continue, the breach serves as a reminder of the importance of robust monitoring, secure key management, and thorough vetting of third party components within critical digital infrastructure.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
