The European Commission has confirmed that it was targeted in a cyberattack affecting part of its cloud infrastructure, following claims by hackers that they had stolen significant amounts of data. The incident, discovered in March 2026, has raised fresh concerns about the cybersecurity resilience of major government institutions.
According to officials, the attack impacted the Commission’s cloud environment hosting its web presence on the Europa platform. Early findings from the ongoing investigation suggest that data may have been extracted from affected systems, although the full scope of the breach is still being assessed.
A spokesperson for the Commission stated that immediate steps were taken to contain the attack and implement risk mitigation measures. Importantly, the organisation clarified that its internal systems were not compromised, limiting the potential impact of the breach on core operations.
Reports indicate that the breach involved at least one account on Amazon Web Services, though the cloud provider itself was not compromised and continued to operate normally. Hackers have claimed to have stolen more than 350GB of data, although these claims have not yet been independently verified.
The Commission has launched a full investigation to determine the extent of the data exposure and identify any affected entities. Authorities are also working to notify relevant stakeholders and strengthen security protocols in response to the incident.
The breach highlights the growing threat landscape facing public institutions as cyberattacks increasingly target cloud-based infrastructure. As governments continue to digitize services and rely on external platforms, ensuring robust cybersecurity measures remains critical to protecting sensitive data and maintaining public trust.
