ShinyHunters Claims 350GB Data Theft from European Commission’s AWS Cloud Infrastructure

    The European Commission, the executive branch of the European Union, has confirmed a significant cyberattack after the notorious ShinyHunters extortion group claimed responsibility for breaching its Amazon Web Services cloud infrastructure and stealing over 350GB of sensitive data.

    Attack Details

    On March 24, 2026, the European Commission detected malicious activity targeting its cloud infrastructure hosting the Europa.eu platform — the central web presence for EU institutions. ShinyHunters has added the Commission to its Tor-based data leak site, claiming the exfiltrated data includes:

    • Mail server data dumps
    • Database contents
    • Confidential documents and contracts
    • Internal communications

    BleepingComputer first reported the incident after a threat actor provided screenshots demonstrating access to the Commission’s AWS account and evidence of the stolen databases.

    Commission Response

    European Commission spokesperson Thomas Regnier confirmed the attack to TechCrunch, stating that the organization “discovered a cyber-attack, which affected part of our cloud infrastructure” and that “immediate steps” were taken to contain the breach.

    In an official press release, the Commission noted: “Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident.”

    AWS has clarified that no security incident occurred on its end and that its services “functioned as expected” — suggesting the breach stemmed from compromised credentials or misconfiguration rather than a platform vulnerability.

    ShinyHunters Track Record

    ShinyHunters has emerged as one of the most prolific cybercrime groups of 2026, primarily leveraging social engineering and voice phishing to compromise enterprise SaaS platforms. Recent victims include Odido (6.2 million customers), fintech firm Figure, Canada Goose (600,000 records), and SoundCloud. The group targets platforms like Salesforce, Okta, and Microsoft 365 to gain initial access before pivoting to cloud infrastructure.

    Previous Commission Attack

    This marks the second significant cyberattack against the European Commission in 2026. On January 30, the organization detected and contained an attack on its mobile device management system within nine hours, though attackers may have accessed some staff data including names and phone numbers.

    Why It Matters

    A breach of this magnitude at the EU’s executive body carries serious implications:

    • Geopolitical Intelligence: Stolen communications and contracts could expose sensitive EU policy discussions, trade negotiations, and diplomatic communications
    • Third-Party Risk: The breach demonstrates that even world-class institutions remain vulnerable when relying on cloud infrastructure
    • Data Exposure: EU entities and potentially citizens whose data was processed through Commission systems may be affected
    • Pattern of Targeting: Two attacks in three months suggest persistent adversary interest in EU institutions

    The investigation is ongoing. We will update this article as more information becomes available.

    Source: TechCrunch, Security Affairs, BleepingComputer