THE European Commission has disclosed that the ShinyHunters hacking group claimed to have stolen more than 350GB of data from its cloud systems, including data from mail servers, databases and confidential documents. The EC said the attack affected cloud infrastructure hosting its Europa[.]eu web presence, but that public websites were not disrupted and internal systems were not affected.
Early findings indicate that data was taken from those websites and the Commission is notifying Union entities that might be affected while continuing its investigation. The hackers reportedly targeted the EC’s AWS accounts, though AWS stated it did not experience a security event and that its services operated as designed. According to CERT-EU, this is the second data breach confirmed by the EC this year, following an intrusion into the Commission’s IT infrastructure in February.
The attackers are said to have leveraged a compromised account or a security misconfiguration rather than exploiting a vulnerability in AWS products or services.