European Commission confirms platform data breach — admits 'data have been taken' from official websites

News
By published

Unnamed attackers claim to have taken 350GB of European Commission data

Flags of the European Union in front of the Berlaymont Building, which houses the European Commission's headquarters in Brussels, Belgium
(Image credit: Getty Images)
  • European Commission hit by cyberattack on its AWS-hosted Europa.eu infrastructure
  • Attackers allegedly stole 350GB of organizational data, with plans to leak it online
  • EC says internal systems unaffected, investigation ongoing, and extra protections implemented

The European Commission (EC), the executive cabinet of the European Union, has confirmed it suffered a cyberattack in which it lost sensitive data.

In an official statement, the Commission said it spotted the intrusion on March 24 2026, when unidentified attackers accessed the cloud infrastructure where its Europa.eu website is hosted.

While the organization said it responded “swiftly” and managed to contain the risk, some data seems to have been taken from the website.

Article continues below

Still investigating

“The Commission's services are still investigating the full impact of the incident,” the press release reads.

“The Commission's internal systems were not affected by the cyber-attack. The Commission will continue to monitor the situation and take all necessary measures to ensure the security of its internal systems and data. It will analyze the incident and use the results to further enhance its cybersecurity capabilities.”

The EC did not discuss the nature of these files, or how many of them were stolen. It said it is notifying “the Union entities who might have been affected by the incident”, suggesting that it’s organization data - not personal information - that was stolen.

It added that it implemented additional risk mitigation features to protect services and data without disrupting the website.

While the EC did not say who the attackers were or how they were able to access its network, BleepingComputer claims the miscreants broke into an Amazon Web Services (AWS) account, from which they allegedly took more than 350 GB of data.

Amazon confirmed to the publication that its infrastructure is intact, suggesting that this was either a social engineering attack, or the result of a successful infostealer infection.

The unnamed group said it had no intention of extorting EC for any money and will rather leak the stolen information on the dark web, at a later date.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.