The European Commission confirmed a cyberattack on its Europa.eu cloud infrastructure hosted by Amazon Web Services, resulting in the unauthorized access and potential theft of 350GB of organizational data.

Key points

• The European Commission identified the security breach on March 24, 2026.
• Attackers allegedly exfiltrated 350GB of data from the Europa.eu website infrastructure.
• Internal Commission systems remain unaffected, according to official statements.
• Amazon Web Services confirmed its own infrastructure remains secure, pointing to potential social engineering or infostealer malware.
• The perpetrators stated they intend to leak the stolen data online rather than demand a ransom.

This incident highlights the persistent vulnerability of high-profile government entities to cloud-based security breaches, even when utilizing major service providers like Amazon Web Services. The potential public release of sensitive organizational data poses significant security and reputational risks for the European Union's executive branch.