Skip to content
Tech News
← Back to articles

CERT-EU: European Commission hack exposes data of 30 EU entities

2026-04-03 | original
read original get Cybersecurity USB Data Block → more articles
Why This Matters

The European Commission's cloud breach by the TeamPCP threat group highlights significant vulnerabilities in cloud security and the risks of supply-chain attacks. This incident underscores the importance for organizations to strengthen their cybersecurity defenses, especially in cloud environments, to prevent data breaches and protect sensitive information. For consumers and the tech industry, it serves as a stark reminder of the growing sophistication of cybercriminals and the need for proactive security measures.

Key Takeaways

The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities.

The European Commission publicly disclosed the incident on March 27 after BleepingComputer reached out for confirmation that the Amazon cloud environment of the European Union's main executive body had been breached.

Two days earlier, the Commission notified CERT-EU of the hack, saying that its Cybersecurity Operations Center was not alerted to API misuse, potential account compromise, or any abnormal network traffic until March 24, five days after the initial intrusion.

On March 10, TeamPCP used a compromised Amazon Web Services API key with management rights over other European Commission AWS accounts (stolen in the Trivy supply-chain attack) to breach the Commission's Amazon cloud environment.

In the next stage of the attack, they used TruffleHog (a tool for scanning and validating cloud credentials) to search for additional secrets, then attached a newly created access key to an existing user to evade detection before conducting further reconnaissance and stealing data.

TeamPCP has been linked to supply-chain attacks targeting multiple other developer code platforms, such as GitHub, PyPi, NPM, and Docker.

The cybercrime gang has also compromised the LiteLLM PyPI package in an attack that impacted tens of thousands of devices using its "TeamPCP Cloud Stealer" information-stealing malware.

Data leaked on the dark web by ShinyHunters

On March 28, data extortion group ShinyHunters published the stolen dataset on their dark web leak site as a 90GB archive of documents (approximately 340GB uncompressed), containing names, email addresses, and email content.

CERT-EU's analysis confirmed that the threat actors have stolen tens of thousands of files containing personal information, usernames, email addresses, and email content, and that the resulting data breach potentially affects 42 internal European Commission clients and at least 29 other Union entities using the europa.eu web hosting service.

... continue reading

Explore topics: cert-eu european commission amazon web services teampcp trivy
Related:
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
Mercor says it was hit by cyberattack tied to compromise LiteLLM
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
Iran Threatens to Start Attacking Major US Tech Firms on April 1

© 2026 GoKawiil

About | Editorial Policy | Contact