European Commission Confirms Cloud Data Breach Affecting Europa.eu Platform
The European Commission confirmed a cyber incident on March 27, 2026, after discovering a cyberattack on March 24, 2026, that affected parts of the public cloud infrastructure supporting the Europa.eu platform. The ShinyHunters extortion group claimed responsibility, alleging theft of over 350GB of data, including mail-server dumps, databases, confidential documents, and contracts. The Commission stated its internal systems were not affected, but data was taken from the public-facing websites.
Signal context
First seen: Mar 24, 2026
Last updated: Jun 20, 2026
Status: Public signal
Key points
- Cyberattack discovered on March 24, 2026.
- Affected public cloud infrastructure supporting Europa.eu platform.
- ShinyHunters claimed theft of over 350GB of data.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data, Server or cloud data store
- 4 signals in the same sector
- 31 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
European Commission Cyber Attack 2026: Event, Impact, and Key Lessonshttps://www.rescan.com/blog/european-commission-cyber-attack-2026-event-impact-and-key-lessons/Public source from rescan.com.
European Commission Reports Cyber Intrusion and Data Theft - SecurityWeekhttps://www.securityweek.com/european-commission-reports-cyber-intrusion-and-data-theft/Public source from securityweek.com.
ShinyHunters Claims 350GB Data Theft from European Commission AWS Accounthttps://www.cybersecurity-insiders.com/shinyhunters-claims-350gb-data-theft-from-european-commission-aws-account/Public source from cybersecurity-insiders.com.
Related signals
Grouped by why the signal is relevant.
Oracle Cloud Authentication Data Breach by 'rose87168'
A threat actor identified as 'rose87168' claimed to have breached Oracle Cloud's federated Single Sign-On (SSO) login servers and exfiltrated approximately 6 million records, impacting over 140,000 tenants. The stolen data reportedly includes Java Key Store (JKS) files, encrypted SSO and LDAP passwords, and Enterprise Manager JPS keys. While Oracle initially denied a breach of its main Oracle Cloud Infrastructure (OCI) platform, it acknowledged a security incident involving two obsolete servers where usernames were accessed. Cybersecurity firms and independent researchers confirmed the validity of some data samples shared by the threat actor. The attacker was active since January 2025 and sought assistance to decrypt stolen data, demanding payments to prevent further exposure. CISA issued guidance on credential risks associated with a potential legacy Oracle cloud compromise.
Paywall Bypass Vulnerability
Tweakers.net has identified a vulnerability that allows for the bypass of its paywall. This issue is listed as a 'Known issue' within their bug bounty program, indicating that the company is aware of the flaw and is seeking ethical hackers to report findings related to it. A successful bypass could allow unauthorized access to premium content.
Oracle Affected by FortiBleed Campaign
Oracle was identified as one of over 22,000 corporate domains affected by the FortiBleed campaign. A Russian-speaking criminal group compromised Fortinet firewall and VPN devices globally, exfiltrating credentials and potentially gaining full network access.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Council of Europe Hacked by ShinyHunters, 297 GB of Data Stolen
The notorious extortion group ShinyHunters claimed to have hacked the Council of Europe, stealing nearly 300 gigabytes of data, including employee personal information, payroll data, CVs, and medical records. The group threatened to leak the data if negotiations were not initiated.
American Express Insider Data Breach Reported
American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.