EU's Cybersecurity Agency Reveals Massive Data Breach: Hackers Blame ShinyHunters

The European Union’s cybersecurity agency, CERT-EU, has released a report detailing a massive data breach that affected the EU’s executive body, the European Commission. According to the report, the hack and subsequent leak of sensitive data were carried out by two separate hacking groups, TeamPCP and ShinyHunters.

The breach is believed to have originated on March 19 when hackers acquired a secret API key associated with the European Commission’s Amazon Web Services (AWS) account. This allowed them to steal around 92 gigabytes of compressed data, including personal information containing names, email addresses, and contents of emails. The stolen data was then posted online by ShinyHunters.

The compromised AWS account used by the European Commission’s Europa.eu platform, which hosts websites and publications for EU institutions and agencies. This breach has raised concerns about the potential exposure of sensitive information, including personal data of at least 29 other EU entities and dozens of internal European Commission clients.

CERT-EU has reported that the majority of the stolen emails are automated with little to no content, but some may contain original user-submitted content, posing a risk of personal data exposure. The agency is already in contact with affected organizations to provide assistance and support.

The investigation revealed that TeamPCP, a cybercriminal group known for its involvement in ransomware attacks and crypto-mining campaigns, was behind the initial hack. This group has also been linked to systematic supply chain attacks compromising other open-source security projects.

ShinyHunters, another notorious hacking group, is believed to have posted the stolen data online. According to reports, this group is known for its involvement in extortion schemes, where hackers demand payments from compromised organizations.

The breach highlights a growing trend of cybercriminals working together to extort their victims. CERT-EU has emphasized the importance of vigilance and cooperation among EU institutions and agencies to prevent such incidents in the future.

As the investigation continues, it is clear that this massive data breach has significant implications for the European Union’s cybersecurity landscape. The EU’s executive body, the European Commission, has been notified of the breach, but a spokesperson has not yet commented on the matter.

In related news, Aqua Security has reported that TeamPCP has also been linked to ransomware attacks and crypto-mining campaigns. Palo Alto Networks Unit 42 has stated that the hackers have been behind systematic supply chain attacks compromising other open-source security projects.

Analysis based on: https://techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/