-
The European Commission has confirmed that hackers breached its Europa.eu web platform, with ShinyHunters claiming responsibility for the attack.
-
The threat group says it pulled over 350GB of data from the Commission’s cloud environment before losing access.
-
This marks the second breach the Commission has disclosed in just a few months, raising fresh questions about the EU’s cloud security posture.
A major cyberattack has hit the heart of the European Union administration. The European Commission has confirmed that its Europa.eu web platform, which hosts pages for the European Parliament, the Council of the EU, and several other institutions, fell victim to a breach. The data extortion group ShinyHunters has stepped forward to claim the attack as their own.
ShinyHunters Hits Europa.eu, Steals Data from EU Cloud Infrastructure
Hackers hit the Commission’s Amazon Web Services account on March 24. Security teams detected and contained the attack, but not before the intruders made off with data. The Commission confirmed its internal systems remained untouched, but acknowledged that stolen data likely came from the Europa websites running on that cloud environment.
“The Commission is properly alerting the Union bodies who might be victims due to the incident,” the executive body of the EU said during a statement. It added that it would study the breach to “further strengthen its cybersecurity capabilities.”
Amazon Web Services clarified that compromised account credentials, not a flaw in its own infrastructure, gave the attackers their way in. That distinction matters. It shifts the responsibility squarely onto how the Commission managed access to its own cloud account.
ShinyHunters Claims 350GB Haul, Drops 90GB Archive on Dark Web
ShinyHunters told cybersecurity outlet BleepingComputer that they pulled over 350GB of data before the Commission cut off their access. That haul allegedly contains employee records, databases, confidential documents, mail server dumps, as well as internal contracts, a sweeping collection of sensitive institutional material.
The group has since posted an entry on its dark web leak site, dropping a 90GB archive of files it claims came directly from the Commission’s compromised cloud environment. The release signals the group’s intent to keep the pressure on and use the stolen data as leverage.
ShinyHunters is no stranger to high-profile targets. The group has recently claimed breaches at CarGurus, Panera Bread, Canada Goose, Match Group, and SoundCloud, among others.
Investigators have linked several of those attacks to a wide-ranging voice phishing campaign that targeted single sign-on accounts across Okta, Microsoft, and Google, a method that lets criminals bypass multi-factor authentication by manipulating employees over the phone.
Second Breach in Months Puts EU Cybersecurity Credibility on the Line
This attack is not an isolated incident. Just two months ago, in January, the Commission disclosed another breach that potentially leaked limited details of staff contact via a manipulated mobile gadget management service. Two breaches in such quick succession raises an uncomfortable question: how well is the EU protecting its own digital infrastructure?
The timing makes it even more awkward. The Commission has spent recent months pushing new cybersecurity legislation aimed at hardening member states’ defences against criminals and bad actors that have support from state-level officials. Regulators drafting the rules are now themselves the ones answering questions about their own security failures.
For the millions of people whose data flows through EU institutions, employees, contractors, citizens, this breach is a sharp reminder that no organisation is too large or too official to fall victim. ShinyHunters did not crack a sophisticated zero-day vulnerability. Compromised credentials opened the door.
Security experts consistently point to credential hygiene as one of the most overlooked attack surfaces in enterprise and government environments.
Strong, unique passwords, phishing-resistant multi-factor authentication, and aggressive monitoring of cloud account activity remain the most reliable first line of defence. The same credential-based tactics that compromised the European Commission’s cloud account were used in the Odido breach, where ShinyHunters gained access through compromised employee credentials, a stark reminder that credential security is a universal challenge, whether you’re a Dutch telecom or the heart of the European Union. The Commission now has every reason to take that advice seriously, and so does every organisation watching this unfold.
