{"id":3489201,"date":"2026-04-03T15:50:43","date_gmt":"2026-04-03T15:50:43","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/04\/03\/europes-cyber-agency-attributes-the-extensive-data-breach-and-leak-to-hacking-groups\/"},"modified":"2026-04-03T15:50:43","modified_gmt":"2026-04-03T15:50:43","slug":"europes-cyber-agency-attributes-the-extensive-data-breach-and-leak-to-hacking-groups","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/04\/03\/europes-cyber-agency-attributes-the-extensive-data-breach-and-leak-to-hacking-groups\/","title":{"rendered":"Europe&#8217;s cyber agency attributes the extensive data breach and leak to hacking groups."},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/techingeek.com\/wp-content\/uploads\/2026\/04\/europes-cyber-agency-attributes-the-extensive-data-breach-and-leak-to-hacking-groups.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">On Thursday, the EU&#8217;s cybersecurity agency announced that a recent hacking incident and data breach affecting the EU&#8217;s executive arm was carried out by a cybercriminal organization identified as TeamPCP.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In a fresh report, CERT-EU disclosed that the attackers managed to steal approximately 92 gigabytes of compressed data from an Amazon Web Services (AWS) account utilized by the European Commission, which included sensitive information such as names, email addresses, and email content.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The breach impacted the cloud infrastructure of the Commission&#8217;s Europa.eu platform, a site leveraged by member states for hosting the websites and publications of various EU institutions and agencies.<\/p>\n<p class=\"wp-block-paragraph\">CERT-EU indicated that the data of at least 29 other EU entities could be compromised, and numerous internal clients of the European Commission might also have had 
data extracted.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Subsequently, the stolen information was published online by another hacking entity, the infamous ShinyHunters.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">While the scale of the data breach is indeed significant, it is uncommon for a cybersecurity agency to link two distinct hacking groups to the same event. A representative from ShinyHunters informed TechCrunch in a chat that they had secured some of the data initially taken by TeamPCP in preceding attacks, which they then leaked.<\/p>\n<p class=\"wp-block-paragraph\">Attempts to contact TeamPCP for a statement were unsuccessful.<\/p>\n<p class=\"wp-block-paragraph\">CERT-EU revealed that the breach began on March 19 when hackers obtained a confidential API key related to the European Commission\u2019s AWS account, stemming from a prior hack on the open source security tool Trivy. The Commission unintentionally downloaded a version of the compromised Trivy tool after the project&#8217;s recent breach, allowing the hackers to access its secret API key, which enabled them to retrieve data stored in the Commission&#8217;s AWS account.<\/p>\n<p class=\"wp-block-paragraph\">While the agency continues to analyze the data that was released online, nearly 52,000 files contain sent email messages. CERT-EU indicated that most of these emails are automated with minimal content, but emails that returned with an error \u201cmay contain the original user-submitted content, creating a risk of personal data exposure.\u201d<\/p>\n<p class=\"wp-block-paragraph\">CERT-EU stated it is already reaching out to the organizations impacted.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">A representative for the European Commission informed TechCrunch that the agency is closed until next week and will provide a response to requests for comment then.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In addition to the Trivy breach, TeamPCP has been associated with ransomware assaults and cryptocurrency mining operations, according to Aqua Security, the developer of Trivy. Recently, the hackers have been linked to a systematic series of supply chain attacks compromising additional open source security initiatives, as reported by Palo Alto Networks Unit 42.<\/p>\n<p class=\"wp-block-paragraph\">By targeting developers with keys that grant access to sensitive systems, the hackers \u201cthen have the capacity to extort compromised organizations for ransom, demanding payments,\u201d wrote Unit 42.<\/p>\n<p class=\"wp-block-paragraph\"><em>This article was revised to encompass comments from a member of ShinyHunters.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":3489202,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3489201","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489201"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3489201"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489201\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3489202"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3489201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3489201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=
3489201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}