European Commission investigating breach after Amazon cloud account hack

Recorded: March 27, 2026, 5 p.m.

Original

News

Featured
Latest

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

HackerOne discloses employee data breach after Navia hack

Firefox now has a free built-in VPN with 50GB monthly data limit

Infinite Campus warns of breach after ShinyHunters claims data theft

Fake VS Code alerts on GitHub spread malware to developers

Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.

European Commission investigating breach after Amazon cloud account hack

This lifetime $160 1TB Koofr cloud storage deal ends in days

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityEuropean Commission investigating breach after Amazon cloud account hack

European Commission investigating breach after Amazon cloud account hack

By Sergiu Gatlan

March 27, 2026
08:22 AM
0

The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure.
Although the EU's executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one account used to manage the compromised cloud infrastructure.
Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating.
While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).
They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees.
The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.
The Commission disclosed another data breach in February after discovering on January 30 that the mobile device management platform used to manage its staff's devices had been hacked.
The January incident appears to be linked to similar attacks targeting other European institutions (including the Dutch Data Protection Authority and Valtori, a government agency of Finland's Ministry of Finance) that exploit code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
These recent security breaches come on the heels of the Commission's January 20 proposal for new cybersecurity legislation to strengthen defenses against state-backed actors and cybercrime groups targeting Europe's critical infrastructure.
Last week, the Council of the European Union also sanctioned three Chinese and Iranian companies for orchestrating cyberattacks targeting the critical infrastructure of member states.

Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
Get Your Copy Now

Related Articles:
European Commission discloses breach that exposed staff dataDutch Ministry of Finance discloses breach affecting employeesEU says TikTok faces large fine over "addictive design"EU launches investigation into X over Grok-generated sexual imagesGoogle: Cloud attacks exploit flaws more than weak credentials

Amazon
Breach
Cloud
Data Theft
Europe
European Commission
European Union
Hack

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Popular Stories

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

Kali Linux 2026.1 released with 8 new tools, new BackTrack mode

Firefox now has a free built-in VPN with 50GB monthly data limit

Sponsor Posts

AI is a data-breach time bomb: Read the new report

Is your program ready for agentic GRC? See what shift enterprise teams need to make.

Overdue a password health-check? Audit your Active Directory for free

Synthetic Identities, Proxies & Real Identities for Sale, is yours next?

Are your AI accounts being sold on the dark web? Check for free.

Upcoming Webinar

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

The European Commission is currently investigating a significant security breach affecting its Amazon cloud infrastructure, as reported by BleepingComputer. The incident, detected swiftly by the Commission’s cybersecurity response team, involved an unauthorized access to at least one account managing the compromised cloud resources. A threat actor, claiming responsibility, disclosed that they had exfiltrated over 350 gigabytes of data, including multiple databases, potentially impacting European Commission staff and email communications. The actor provided evidence of access to sensitive information, specifically detailing access to data belonging to Commission employees and an email server utilized by the organization. Crucially, the actor indicated they had no intention of extortion and planned to publicly release the stolen data at a later date. This event follows a February breach involving the Commission’s mobile device management platform, which appears linked to broader attacks exploiting code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, targeting multiple European institutions. The Commission's recent proposal for enhanced cybersecurity legislation, aimed at mitigating threats from state-sponsored actors and cybercriminal organizations, adds context to the urgency of this investigation. Furthermore, the Council of the European Union recently sanctioned three Chinese and Iranian entities for orchestrating cyberattacks against critical infrastructure within member states. The investigation underscores the ongoing vulnerability of large organizations to sophisticated cyber threats, and highlights the need for robust security protocols and rapid response capabilities, particularly in the face of coordinated attacks. The breach also highlights the importance of cybersecurity measures against state-backed actors and cybercrime groups targeting Europe's critical infrastructure, leading to the Commission’s January 20 proposal for new cybersecurity legislation.