EU Commission AWS Account Compromised, 350 GB of Data Stolen – Potential Exposure of Government Records
What Happened – A threat actor gained unauthorized access to an Amazon Web Services (AWS) account used by the European Commission, exfiltrating roughly 350 GB of data that includes employee records and internal email archives. The breach was detected quickly, and the Commission’s incident response team is investigating.
Why It Matters for TPRM –
- Government‑level data resides in a third‑party cloud; compromise signals gaps in cloud‑account hygiene and credential protection.
- The incident follows a recent mobile‑device‑management breach, indicating a possible pattern of targeting the Commission’s supply chain.
- Exposure of internal communications could reveal procurement, policy‑making, and security details that affect downstream vendors and partners.
Who Is Affected – Public sector (EU institutions), cloud‑hosting providers (AWS), and any downstream contractors that rely on Commission data.
Recommended Actions –
- Verify that all cloud accounts used by your organization employ MFA, least‑privilege IAM policies, and continuous monitoring.
- Conduct a third‑party risk review of any services hosted on AWS or similar public clouds, focusing on credential management and access logging.
- Request evidence of the Commission’s post‑incident remediation and incorporate findings into your vendor‑risk assessments.
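One way to run the MFA and credential-hygiene check from the first action above, as an added example that is not part of the original brief: it audits an IAM credential report (the CSV returned by `aws iam get-credential-report`) for console users without MFA, root access keys, and stale or unused keys. The sample rows, account ID, user names and the 90-day rotation threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of `aws iam get-credential-report`
# (only the columns this check reads; account ID and user names are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2023-01-10T09:00:00+00:00,2025-02-01T12:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,true,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2024-11-20T08:30:00+00:00,2025-02-20T07:15:00+00:00
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,2022-06-01T00:00:00+00:00,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, adjust to your own


def audit(report_csv, now):
    """Return a sorted list of (user, finding) tuples for the report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Console access (or root) without MFA: one stolen password is enough.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "no MFA"))
        if row["access_key_1_active"] == "true":
            if is_root:
                findings.append((user, "root access key present"))
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            if (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, "access key older than policy"))
            if row["access_key_1_last_used_date"] == "N/A":
                findings.append((user, "active access key never used"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, datetime(2025, 3, 1, tzinfo=timezone.utc)):
        print(f"{user}: {finding}")
```

A real report also carries `access_key_2_*` and certificate columns; the same checks apply to them.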
Technical Notes – The exact attack vector was not disclosed; the actor provided screenshots showing access to databases and email servers. AWS stated its infrastructure was not compromised, suggesting the breach stemmed from compromised credentials or misconfigured account permissions. Data types exfiltrated include employee personal information and internal communications.
Source: BleepingComputer