By AndyRixon 
Unnamed attackers claim to have taken 350GB of European Commission data
The European Commission (EC), the executive cabinet of the European Union, has confirmed it suffered a cyberattack in which it lost sensitive data.
In an official statement, the Commission said it spotted the intrusion on March 24 2026, when unidentified attackers accessed the cloud infrastructure where its Europa.eu website is hosted.
While the organization said it responded “swiftly” and managed to contain the risk, some data seems to have been taken from the website.
Still investigating
“The Commission’s services are still investigating the full impact of the incident,” the press release reads.
“The Commission’s internal systems were not affected by the cyber-attack. The Commission will continue to monitor the situation and take all necessary measures to ensure the security of its internal systems and data. It will analyze the incident and use the results to further enhance its cybersecurity capabilities.”
The EC did not discuss the nature of these files, or how many of them were stolen. It said it is notifying “the Union entities who might have been affected by the incident”, suggesting that it’s organization data – not personal information – that was stolen.
It added that it implemented additional risk mitigation features to protect services and data without disrupting the website.
While the EC did not say who the attackers were or how they were able to access its network, BleepingComputer claims the miscreants broke into an Amazon Web Services (AWS) account, from which they allegedly took more than 350 GB of data.
Amazon confirmed to the publication that its infrastructure is intact, suggesting that this was either a social engineering attack, or the result of a successful infostealer infection.
The unnamed group said it had no intention of extorting EC for any money and will rather leak the stolen information on the dark web, at a later date.