Overview
- CERT-EU said Thursday that TeamPCP breached the European Commission’s AWS‑hosted Europa.eu platform, with ShinyHunters posting the stolen data on March 28.
- Investigators tie initial access to a tampered Trivy security scanner that exposed an AWS API key, which attackers used to create new keys and begin reconnaissance.
- The leaked archive is about 90–92 GB when compressed, roughly 340 GB uncompressed, and includes names, email addresses, and about 51,992 outbound email files that may contain user messages.
- Stolen data relates to websites for up to 71 europa.eu clients, including 42 Commission services and at least 29 other EU bodies, raising privacy and phishing risks for people who interacted with those sites.
- The Commission reports no sign of movement to other AWS accounts and says it revoked the keys and notified authorities, while ongoing forensics assess the full contents and whether access passed between groups.