The European Commission has confirmed it was the target of a cyberattack affecting part of its cloud infrastructure, after hackers claimed to have stolen hundreds of gigabytes of data. Commission spokesperson Nika Blazevic stated the attack was discovered and has been contained, with risk mitigation measures implemented.

The breach impacted the Commission's cloud infrastructure hosting its web presence on the Europa.eu platform. An investigation is ongoing, but the Commission confirmed its core internal systems were not compromised by the attack.

Scope of the Breach

According to a report by Bleeping Computer, which first broke the news, hackers stole a significant volume of data, including multiple databases, from the Commission's account with cloud provider Amazon Web Services (AWS). The hackers provided the publication with evidence of their access, including screenshots.

The exact nature and sensitivity of the stolen data remains unclear. The Commission's statement did not specify the volume of data involved or confirm the hackers' claims regarding the scale of the theft.

Immediate Response and Investigation

"We have taken immediate steps and contained the attack," stated spokesperson Nika Blazevic in a communication to TechCrunch. The Commission emphasised that its internal systems were unaffected, suggesting the breach was isolated to publicly-facing web infrastructure.

The full statement on the Commission's website confirms the attack "affected its cloud infrastructure hosting the Commission’s web presence on the Europa.eu platform." This platform is a central repository for a vast amount of the EU executive's published documents, reports, and official communications.

Box: What is the Europa.eu platform?
Europa.eu is the official website of the European Union and a primary source of information about its institutions, including the European Commission. It hosts press releases, legislative texts, policy documents, and public communications.

Ongoing Implications

While the Commission asserts its operational systems are secure, the theft of potentially hundreds of gigabytes of data from its cloud storage raises significant concerns. The incident highlights the cybersecurity vulnerabilities faced by major international institutions, even when using leading commercial cloud services.

The investigation will now focus on determining the precise entry point used by the attackers, the full extent of the data exfiltrated, and identifying the responsible threat actor. No group has publicly claimed responsibility for the attack at this time.