SHINYHUNTERS is alleged to have breached the European Commission, with data dumps said to include content from mail servers and internal communications systems, and the group has added the Commission to its Tor data leak site, claiming more than 350 GB of stolen data.
On 24 March 2026, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa[.]eu websites; the incident was contained with mitigation measures, some data may have been accessed, and affected entities were being notified. The Commission notes that its internal systems were not affected and that it will continue monitoring the situation while strengthening protections, as it analyses the incident to improve cybersecurity amid ongoing threats to critical services.
BleepingComputer first reported that threat actors breached the Commission’s AWS account, stealing hundreds of gigabytes of data, though AWS said no security incident occurred. The article also notes that the ShinyHunters have recently targeted major firms and often rely on social engineering to access SaaS platforms. According to the European Commission, early findings suggest data have been taken from those websites and the Union entities potentially affected are being notified.