European Commission breach exposed data of 30 EU entities, CERT-EU says
European Commission breach exposed data of 30 EU entities, CERT-EU says
Publish Date: 2026-04-04 04:49:00
Source Domain: securityaffairs.com
European Commission breach exposed data of 30 EU entities, CERT-EU says
Pierluigi Paganini
April 04, 2026
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group.
CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed that the Commission’s Amazon cloud environment had been compromised.
On March 24, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa.eu websites. The incident was quickly contained, with mitigation measures applied and no disruption to website availability. Early findings suggested some data may have been accessed, and potentially affected EU entities are being notified. The Commission alerted CERT-EU two days before disclosure, noting no signs of compromise until March 24, five days after the initial breach.
“Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident.” reads the press release published by the European Commission. “The Commission’s services are still investigating the full impact of the incident. “
The EU has launched an investigation into the security breach to determine its full impact. However, the Commission initially pointed out that its internal systems were not affected, limiting the overall impact of the attack.
The Commission said its internal systems were not affected and will continue monitoring the situation while strengthening protections. It announced it will improve cybersecurity, as the EU faces ongoing cyber and hybrid threats targeting critical services and institutions.
BleepingComputer first…
