The European Commission confirmed unauthorized access to its Amazon Web Services cloud infrastructure following a March 2026 cyberattack. The EU’s executive branch disclosed the breach after security researchers discovered compromised credentials and leaked data circulating on dark web forums.
Attackers gained access to multiple databases hosted on the Commission’s AWS account, though the full scope of exposed data remains under investigation. The organization stated it detected the intrusion and implemented containment measures, though specifics about timeline and initial compromise method were not disclosed in the initial statement.
Attack Method
Security researchers identified stolen AWS credentials that granted attackers access to Commission-managed cloud resources. The credentials appeared in underground forums alongside database dumps, suggesting the attackers exfiltrated data before detection. The specific entry point, whether through phishing, compromised credentials from previous breaches, or other vectors, has not been confirmed.
Organizational Response
The European Commission notified member state organizations and relevant partners to monitor for potential secondary targeting or credential abuse stemming from the compromised data. The organization stated it is conducting a comprehensive security assessment with AWS and external cybersecurity firms to determine the full impact and prevent future incidents.
The Commission emphasized that its prompt disclosure allows associated organizations to proactively strengthen their own security postures while the investigation continues.
