European Commission investigating breach after Amazon cloud hack
European Commission investigating breach after threat actor accessed Amazon cloud infrastructure and stole 350 GB of
Summary
The European Commission is investigating a security breach in which a threat actor gained unauthorized access to its Amazon Web Services infrastructure and claims to have stolen over 350 GB of data, including databases and employee information. The attacker sent BleepingComputer screenshots as proof and said they intend to leak the data rather than use it for extortion. The incident follows a breach the Commission disclosed in February involving its mobile device management platform, which appears to be linked to a broader pattern of attacks on European institutions that exploit Ivanti EPMM vulnerabilities.
Full text
By Sergiu Gatlan, March 27, 2026, 08:22 AM

The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure.

Although the EU's executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one account used to manage the compromised cloud infrastructure.

Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating.

While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).

They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees.

The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.

The Commission disclosed another data breach in February after discovering on January 30 that the mobile device management platform used to manage its staff's devices had been hacked.

The January incident appears to be linked to similar attacks targeting other European institutions (including the Dutch Data Protection Authority and Valtori, a government agency of Finland's Ministry of Finance) that exploit code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
These recent security breaches come on the heels of the Commission's January 20 proposal for new cybersecurity legislation to strengthen defenses against state-backed actors and cybercrime groups targeting Europe's critical infrastructure. Last week, the Council of the European Union also sanctioned three Chinese and Iranian companies for orchestrating cyberattacks targeting the critical infrastructure of member states.
Indicators of Compromise
- malware — Ivanti Endpoint Manager Mobile (EPMM)