ACCORDING to CERT-EU, a European Commission cloud breach exposed data from at least 30 EU entities after the Commission’s Amazon cloud environment was compromised, with public disclosure occurring on 27 March following the Commission’s initial notification to CERT-EU. The incident began when the European Commission detected a cyberattack on its cloud infrastructure hosting Europa[.]eu websites on 24 March, with early findings suggesting data may have been accessed and affected entities notified.
The breach is linked to the TeamPCP threat group, and CERT-EU says the initial access came via the Trivy supply-chain compromise, with an AWS secret/API key gained on 19 March and used to exfiltrate data from the affected cloud environment. CERT-EU confirms the exfiltrated data related to websites hosted for up to 71 Europa web hosting clients, including 42 internal Commission clients and at least 29 other EU entities, with tens of thousands of files affected.
The European Commission stated its internal systems were not affected and that it will continue monitoring and strengthening protections as it investigates the full impact.