European Commission suffers massive breach: hackers claim 350Gb data trove

The European Commission has confirmed it is investigating a significant cyberattack against its cloud infrastructure, following claims by a threat actor to have exfiltrated over 350GB of data, including sensitive employee information and internal databases. The breach, which was first detected on March 24, 2026, targeted the Commission’s Amazon Web Services (AWS) accounts used to host the Europa.eu public web platform.

While the Commission maintains that its core internal systems remain secure, the sheer volume of the alleged theft has raised alarms regarding the security of the EU’s digital perimeter.

Breach details and hacker claims

The unnamed threat actor reportedly contacted security news outlets earlier this week, providing screenshots of employee data and access to an internal email server as proof of the intrusion. According to the perpetrator, the stolen cache includes:

Multiple databases containing administrative and personnel information.

Unauthorized access to email servers used by Commission staff.

Employee directories, including names and contact details.

In a surprising move, the hacker stated they have no intention of demanding a ransom. Instead, the actor indicated plans to leak the data publicly at a later date, suggesting a motive centered on geopolitical disruption rather than financial gain.

Official response and containment

In a statement released on Friday, a Commission spokesperson emphasized that the incident was "swiftly contained" and that there was no disruption to the availability of the Europa.eu websites.

"Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident."

Amazon Web Services has also weighed in, clarifying that its global infrastructure was not compromised. The company stated that its services "operated as designed," implying that the breach likely stemmed from a misconfiguration or credential compromise within the Commission's specific cloud environment.

A growing pattern of attacks

This incident marks the second major breach to hit the European Commission in 2026. In late January, a separate attack targeted the institution’s mobile device management system, exposing the phone numbers of several staff members.

The repeated targeting of EU institutions comes amid heightened regional tensions and a surge in hybrid threats. Security analysts warn that even without a ransom demand, the public release of 350GB of internal data could provide a roadmap for future "spearphishing" campaigns and erode diplomatic trust.

The investigation remains ongoing as forensic experts work to determine the exact entry point and the full scope of the exposed information.