A cyberattack affecting the European Commission’s cloud environment is being examined alongside claims by the hacking group ShinyHunters that it accessed and exfiltrated large volumes of data from EU systems.
The incident was identified on March 24 within infrastructure supporting the Europa.eu platform, which hosts the Commission’s public websites. Officials confirmed that at least one Amazon Web Services account used in this environment was accessed without authorization.
The Commission stated that the breach was limited to externally facing web services and did not impact internal systems. Investigators said the intrusion was detected quickly, allowing response teams to secure affected components and prevent disruption to public services.
Early findings indicate that data was taken from the compromised systems. Authorities are continuing to assess what information may have been accessed and are notifying EU entities that could be affected. The full scope of the exposure has not been disclosed.
Separately, ShinyHunters claimed responsibility for the attack and stated that it obtained more than 350 GB of data. According to reports, the alleged dataset may include database contents, internal documents, and information from email systems. These claims have not been independently verified by the Commission.
The group has added the Commission to its data leak site, a platform commonly used to publish stolen data as part of extortion activity. ShinyHunters is known for a “pay or leak” approach in which organisations are pressured to respond to demands or risk public release of stolen information.
Details on how the attackers gained access have not been publicly confirmed. Investigators are reviewing possible entry points, including compromised credentials or misconfigured cloud resources, but no official explanation has been provided.
The Commission said the attack did not interrupt website availability. Mitigation steps were implemented to secure the affected environment and prevent further unauthorised access while the investigation continues.
The case is being reviewed alongside another security incident involving Commission systems reported earlier in 2026. Authorities have not indicated whether the events are connected.