The EU’s cybersecurity agency, CERT-EU, confirmed a major data breach at the European Commission. The cybercriminal group TeamPCP stole about 92 gigabytes of compressed data from a Commission AWS account. The stolen data, which included names, email addresses, and email contents, was later leaked online by another group, ShinyHunters. The breach originated on March 19th after hackers compromised the open-source security tool Trivy. The Commission inadvertently downloaded the hacked tool, allowing the attackers to steal a secret API key and access the cloud account. The breach affects the Europa.eu platform and may impact at least 29 other EU entities. TeamPCP is known for systematic supply chain attacks, targeting developers to gain access for extortion. The European Commission stated it is closed until next week for comment.
