European Commission, Europa.eu confirmed the cyber attack on cloud systems hosting its platform and acknowledged the data leak. Initial investigations indicate that the attackers were approximately 350GB data It reveals that the user has received the information and has access to the systems for a certain period of time.
With this development, it appears that not only websites but also some data running in the background may have been compromised. In addition, the Commission states that it has contacted the affected institutions while announcing that the incident is under control.
On the other hand, while the investigation continues, technical details about how the attack took place have not yet been shared. However, initial findings suggest that the data are not directly Europa It shows that it was taken from their website.
However, while it is not clear how long the attacker remained in the system, the scope of access is increasingly under scrutiny. Additionally, the amount of data obtained clearly reveals that the breach was not superficial.
European Commission is investigating a breach via cloud access
The leaked information shows that the attacker used Amazon Web Services (AWS) indicates that you have access to your account, and this access plays a critical role. It is stated that both web content and employee data may be accessed through this channel.
Besides, the Commission had already announced a similar breach affecting employee data in February 2026. Therefore, whether there is a technical connection between the two events is also included in the scope of the investigation.
Despite everything, the scope of the current attack is similar to the one targeting US telecom companies in 2024. Salt Typhoon It is narrower than the operation. In the incident in question, access was made to smartphone data belonging to political campaigns.
Despite this, the latest development on the European side brings the security of cloud services used by public institutions back to the agenda. The role of third-party service providers is also being examined more closely.
On the other hand, the European Commission will issue a new report in January 2026. Cyber Security Package announced and expanded the measures for the telecom supply chain. This package includes regulations that enable faster action to be taken against risky companies.
However, the latest attack reveals the need to re-evaluate how the measures taken work on the implementation side. Additionally, the Commission states that it will share more detailed information once the technical analysis is completed.
To avoid missing the technology agenda, 📰 add it to Google News, 💬 join our WhatsApp channel, ▶ subscribe to YouTube, 📷 follow us on Instagram and 𝕏 X.