Trivy supply chain attack enabled European Commission cloud breach

The European Commission confirmed a major data breach involving 340 GB of stolen information after attackers exploited a supply chain vulnerability in the AquaSec Trivy security scanner.

Key Points

  • The breach occurred on March 19, 2026, after attackers gained unauthorized access to AWS credentials via a compromised version of the Trivy scanner.
  • Threat actors ShinyHunters and TeamPCP are linked to the incident, which resulted in the leak of names, usernames, and email addresses.
  • Stolen data includes approximately 51,992 files related to outbound email communications, including potentially sensitive bounce-back notifications.
  • The European Commission’s Security Operations Center detected the intrusion on March 24 and subsequently revoked all compromised AWS access keys.
  • Investigators found no evidence of lateral movement into other European Commission AWS accounts, and the main europa.eu web platform remains operational.

Why it Matters

This incident highlights the significant risks posed by supply chain attacks targeting widely used security software and cloud infrastructure management tools. It serves as a critical reminder for organizations to rigorously audit third-party dependencies and implement strict credential management to prevent unauthorized access to sensitive cloud environments.

Source: Help Net Security, published by Zeljka Zorz