The European Commission has confirmed that it has suffered a cyber attackthe second in 2026, in which the cloud infrastructure in charge of hosting the Commission’s web presence on the European.eu platform has been affected.
According to the statement in which they acknowledge the cyberattack, the attack is now contained, although they are still investigating its origin and consequences. From Bleeping Computer they assure that the cybercriminals who accessed the systems managed to keep around 350 GB of data before containment measures were applied to close access to cybercriminals. Among the stolen information there are apparently several databases.
It is not yet entirely clear what type of information has been stolen, but cyber attackers have already provided evidence that they have gained improper access to the Commission’s systems. Among these tests there are several screenshots.
Apparently, according to the data from the preliminary investigation underway, the data that the attackers have obtained comes from the attacked websites, and the Commission is in the process of communicating to the EU entities that may have been affected the details they have about the attack.
For now, the Commission, which discovered the attack on March 24, has yet to confirm and communicate how the improper access to its cloud infrastructure occurred.
Bleeping Computer also points out that the attackers accessed the systems, as well as employee data, via one of the Commission’s AWS accounts. It has been confirmed that the Commission’s internal systems have not been affected.
The Commission already confirmed a security breach that affected its employees’ data in a similar way last February, making this the second cyber attack suffered by the European Commission since the beginning of the year.
