Cyberattack on the European Commission's Europa web platform
What happened
On 24 March 2026 the European Commission discovered a cyberattack against the cloud infrastructure hosting its web presence on the Europa.eu platform, which carries official sites for the Commission and other EU institutions. In a statement (IP/26/748), the European Commission confirmed that data had been taken from the affected websites but said there was no indication that its internal systems had been compromised and no disruption to the availability of the Europa websites.
According to BleepingComputer, the intrusion involved at least one compromised Commission Amazon Web Services (AWS) account, with the breach occurring at the customer account and configuration level rather than through a flaw in AWS itself. TechCrunch reported that the Commission moved to contain the incident, reiterating that internal systems were not affected and that the stolen material originated from a Commission cloud account holding multiple databases.
The extortion and data-theft group ShinyHunters publicly claimed responsibility on its own leak channels, asserting it had taken roughly 350 GB of material, including mail server contents, databases, confidential documents and contracts, and later releasing a smaller archive. The Commission itself made no official attribution. Help Net Security noted that this was the second breach affecting the Commission in 2026, following an earlier compromise of a mobile-device-management platform, raising questions about resilience.
Assessment
Responsibility is not officially established. ShinyHunters, a financially motivated cybercriminal group rather than a state actor, self-claimed the breach and provided screenshots to reporters, but a claim of responsibility is not proof, and the European Commission has made no attribution. The activity is described as data theft and extortion, not ransomware or a denial-of-service attack, and no ransom payment has been reported. Data-volume figures originate from the threat actor and are unverified. The incident sits within a broader pattern of intrusions targeting EU institutions. It remains under investigation, and this entry may change as further public information emerges.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.