The European Commission has confirmed a data breach on its Europa.eu platform, and hackers may have stolen data from its cloud infrastructure host.
The data breach took place on 24 March, according to the EU body, which said that it took “immediate steps” to analyse and mitigate the attack.
“The commission’s swift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data, without disrupting the availability of the Europa websites,” the commission said in a statement released on 27 March.
“Early findings of our ongoing investigation suggest that data have been taken from those websites. The commission is duly notifying the Union entities who might have been affected by the incident. The commission’s services are still investigating the full impact of the incident.”
According to the commission, internal systems were not affected by the breach, and the body will continue to analyse the situation.
The cyber-attack has already been claimed by ShinyHunters, which posted on X that it had compromised more than 350GB of data from the European Commission. According to the ransomware group, the data includes mail servers, confidential documents, databases, contracts, and sensitive material.
Allegedly, screenshots shared by the group seem to show the PII – personally identifiable information – of employees.
According to researchers at the International Cyber Digest, the hackers allegedly compromised internal admin URLs, emails, and signing keys, as well as data, from NextCloud, a content collaboration network, and Athena, the military financing platform.
Recommended reading
It remains uncertain how the European Commission was breached, though some reports suggest that at least one of the body’s AWS accounts was affected.
The attack did not disrupt any Europa websites, the Commission said.
ShinyHunters claimed to have access to employee data, which may have allowed them to breach the body’s systems.
The European Commission faced another breach earlier this year in February, with a data breach affecting its mobile device management platform.
Related
Click Here For The Original Source.
