2 Remove Virus

European Commission reviews cloud breach affecting web services

A cyberattack involving the European Commission’s cloud environment resulted in unauthorised access and data extraction from systems supporting its public websites.

The activity was identified on March 24 within infrastructure linked to the Europa.eu platform, which hosts a range of European Union web services. The affected systems were hosted in an Amazon Web Services (AWS) environment. AWS stated that its infrastructure was not compromised and operated as expected, indicating that the issue was related to how specific resources were accessed rather than a failure of the cloud provider itself.

The Commission said the breach was limited to externally facing web services and did not affect internal systems or core operational networks. Officials stated that containment measures were implemented shortly after detection, including securing affected accounts and restricting access to compromised components of the environment.

Authorities are continuing to assess what data may have been accessed or extracted. The Commission has not yet provided detailed information on the categories of data involved, but confirmed that relevant entities will be notified if their information is determined to have been affected. The review process includes analysis of system logs and access records to determine the scope of exposure.

A threat actor has claimed responsibility for the attack and alleged that more than 350 GB of data was taken, including database content and internal records. These claims have not been independently verified, and the Commission has not confirmed the volume or nature of any data that may have been removed.

Details on how access was obtained have not been disclosed. Investigators are examining possible entry points, including account-level access and configuration issues within the cloud environment. No confirmed method has been publicly identified.

The Commission stated that the incident did not disrupt the availability of its websites. Additional monitoring and security controls have been implemented as part of the response.

The breach is being reviewed alongside a separate security incident reported earlier in 2026 involving internal systems. Findings from both cases are expected to inform updates to existing cybersecurity practices and infrastructure management.