The European Commission is investigating a cybersecurity breach involving its Amazon Web Services (AWS) cloud environment after unauthorized access was detected in one of its systems. The issue is believed to be linked to compromised credentials or weak access controls, not a failure in AWS itself.
Attackers may have accessed internal cloud data and extracted files before the activity was discovered. The Commission claims that the affected cloud setup has since been isolated and secured, and officials are now carrying out a detailed forensic review to understand the full scope of the incident and what data may have been exposed.
The initial assessments suggest that the breach appears to have originated from the identity and access management layer of the Commission’s cloud infrastructure. In modern cloud systems, this layer controls who can log in, what they can access, and which administrative actions they can perform. Therefore, it can potentially provide broad visibility across multiple services and stored datasets.
Once the unauthorized access was detected, internal security teams moved to contain the incident by isolating the affected environment from the rest of the Commission’s cloud infrastructure. The European Commission has also initiated a forensic investigation, which involves reconstructing the timeline of the intrusion, identifying how access was first obtained, and determining what actions were taken by the attackers once inside the system.
At this stage, officials have not publicly confirmed the exact nature of the data that may have been accessed or copied. However, cloud environments used by large institutions typically contain a wide range of internal materials, including administrative documents, operational data, system configurations, and internal communications tools. Because of this, even a limited breach of access credentials can raise concerns about potential exposure of sensitive but non-public information.
According to a report by Bleeping Computer, the attacker is believed to have compromised at least one account used to manage the European Commission’s cloud environment, potentially exposing employee information and internal systems. The threat actor reportedly contacted the publication directly, claiming to have stolen more than 350GB of data, including databases and internal files, and shared screenshots as evidence of access. The attacker is said not to be pursuing extortion, but instead plans to publish the stolen data at a later date.
The incident becomes even more critical as it follows another recent breach disclosed earlier this year, in which the European Commission reported that attackers accessed parts of its mobile device management environment. Notably, that earlier campaign was linked to vulnerabilities in Ivanti Endpoint Manager Mobile software.
The Tech Portal is published by Blue Box Media Private Limited. Our investors have no influence over our reporting. Read our full Ownership and Funding Disclosure →
