Apr 6
European Commission Data Breach Linked to TeamPCP Following Major Cloud Compromise
BRUSSELS — The European Union’s cybersecurity agency, CERT-EU, has officially attributed a massive data breach at the European Commission to the hacking group TeamPCP.
The intrusion, which occurred on March 19, resulted in the theft of approximately 92 gigabytes of compressed data from the bloc’s Amazon Web Services (AWS) account. According to a detailed report released Thursday, the hackers gained access by exploiting a secret Amazon API key via a supply chain compromise involving the software tool Trivy. The Commission was reportedly using a compromised version of the tool received through standard update channels. The breach targeted the Europa.eu platform, a cloud-based infrastructure used by EU member states to host official websites, potentially exposing data belonging to 42 internal clients and at least 29 distinct EU entities.
The stolen dataset includes nearly 52,000 files related to outbound email communications, totaling 2.2 gigabytes. While investigators believe many of these messages were automated, they warned that bounceback notifications may have exposed names, email addresses, and specific message contents. European cyber officials first detected the intrusion on March 24 after noticing abnormal network traffic and alerts regarding API misuse.
The stolen information appeared on the ShinyHunters dark web site on March 28, where the group claimed to possess confidential documents and databases. This collaboration suggests a growing trend of cybercriminal syndicates working together to monetize high-level breaches. While the compromised API key granted "management rights" that could have allowed the actors to move laterally into other Commission accounts, CERT-EU has found no evidence of further movement at this time. TeamPCP has recently been linked to several other global attacks, utilizing tactics ranging from data exfiltration to ransomware.
Executive IT Forums, Inc.
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.