The European Commission was hit by a cyberattack that may have resulted in the theft of internal data, months after another incident potentially exposed some staff details.
The European Union's executive arm experienced a breach on March 24, a spokesman said. The attack struck the commission's Amazon Web Services account before being detected and blocked. An internal investigation is ongoing to establish the extent of the breach, he said.
"I can confirm that the commission discovered a cyber-attack, which affected part of our cloud infrastructure," spokesman Thomas Regnier said. "The commission's internal systems were not affected by the cyber-attack."
Government agencies are increasingly under attack by hackers and nation-state bad actors. In the EU, public administration networks have emerged as one of the biggest targets, accounting for 38% of incidents, according to Enisa's annual threat report. Hans De Vries, chief cybersecurity and operations officer at the European Union Agency for Cybersecurity, commented on the earlier breach in a panel conversation at the RSA cybersecurity event in San Francisco on Tuesday. "Every organization has incidents," he said. "So do we."
In January, the commission detected another incident that may have exposed limited staff contact details. At the time, the EU said it would review the security of its systems and take additional precautions if needed.
A representative for Amazon didn't immediately respond to a request for comment. The incident was first reported by cybersecurity blog Bleeping Computer, which said that the person responsible for the hack reached out claiming to have stolen more than 350 gigabytes of data.
The attack also follows a security incident affecting a high-ranking commission official. Earlier this month, someone uploaded an intercepted WhatsApp call between the official and a Politico journalist onto YouTube. Both Politico and the commission later said that their devices and networks showed no evidence of being compromised.
Cloud-focused attacks, especially from nation-states, are soaring, and artificial intelligence has boosted the speed at which they move, according to CrowdStrike's 2026 Global Threat Report released last month. In one of the worst cloud data breaches in recent years, a 2024 attack on Snowflake Inc. exposed the personal information of millions of people, including customers of Ticketmaster LLC, AT&T Inc. and Advance Auto Parts Inc.
About a third of cloud incidents come from account abuse, where the attackers log in using stolen credentials, CrowdStrike found.