BRUSSELS — The European Commission is investigating a significant cyberattack discovered on March 24 that resulted in the theft of data from its official Europa websites. While authorities maintain that the Commission’s internal systems remain secure, early findings confirm that information was successfully exfiltrated from the affected web platforms.
The Commission described its response as "swift," claiming the incident was contained without disrupting the availability of public services. However, the scope of the breach may be larger than officially acknowledged. Screenshots circulating on social media platform X show a hacking group claiming to possess 350 GB of stolen data, allegedly including mail server contents, databases, and confidential contracts.
This breach marks the second major digital assault on EU institutions this year, following a previous compromise of the Commission’s mobile device management platform. In response to increasing hostility in cyberspace, the EU recently sanctioned entities in China and Iran, seeking to signal that such interference will face diplomatic and financial consequences.
Despite the recent implementation of the NIS2 Directive and the Cyber Solidarity Act, the incident has reignited internal debates over the adequacy of the bloc's defenses. While the Commission has pledged to analyze the breach to bolster its cybersecurity capabilities, some officials continue to warn that existing measures remain insufficient to counter sophisticated threats.
