EU's Cybersecurity Agency Uncovers Massive Data Breach Linked to Hacking Gangs
The European Union’s cybersecurity agency, CERT-EU, has released a report detailing a massive data breach that affected the EU’s executive body, the European Commission. The breach is believed to have been carried out by a cybercriminal group known as TeamPCP, which stole around 92 gigabytes of compressed data from an Amazon Web Services (AWS) account used by the Commission.
According to the report, the hackers gained access to the AWS account on March 19 after acquiring a secret API key associated with that account. The Commission had inadvertently downloaded a copy of the compromised open-source security tool Trivy, which allowed the hackers to steal the Commission’s secret API key and use that access to pivot and obtain data stored in the Commission’s AWS account.
The stolen data includes personal information, including names, email addresses, and the contents of emails. The breach also affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.
Furthermore, CERT-EU has reported that at least 29 other EU entities may be affected by the data breach, as well as dozens of internal European Commission clients. The stolen data was then posted online by another hacking group, the notorious ShinyHunters.
What makes this breach particularly noteworthy is the growing trend of cybercriminals working together to extort their victims. In this case, two separate hacking groups were involved in the hack and subsequent leak of the European Commission’s data. This highlights the need for increased vigilance and cooperation among cybersecurity agencies, organizations, and individuals to combat these sophisticated attacks.
The report also notes that the majority of the stolen emails are automated messages with little to no content, but those that bounced back with an error may contain original user-submitted content, posing a risk of personal data exposure. CERT-EU has already begun contacting affected organizations to notify them of the breach and provide assistance in mitigating its effects.
In related news, Aqua Security, which develops Trivy, has linked TeamPCP to ransomware attacks and crypto-mining campaigns. Additionally, Palo Alto Networks Unit 42 has reported that TeamPCP is behind a systematic campaign of supply chain attacks compromising other open-source security projects. By targeting developers who hold keys to sensitive systems, the hackers can then hold compromised organizations for ransom.
The European Commission has not yet commented on the breach, as it is currently closed until next week. CERT-EU and affected organizations are working together to contain the damage and prevent future breaches. As cybersecurity agencies and individuals continue to battle these sophisticated attacks, it is essential that we prioritize cooperation, vigilance, and swift response to mitigate their impact.
Analysis based on: https://techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/
