What's Happening?
The European Union's cybersecurity agency has identified a cybercriminal group known as TeamPCP as responsible for a significant data breach at the EU's executive body, the European Commission. The breach involved the theft of approximately 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account. This account was used by the European Commission to host websites and publications for the bloc's institutions and agencies. The stolen data included personal information such as names, email addresses, and email contents. The breach originated on March 19 when hackers acquired a secret API key associated with the European Commission's AWS account. This was facilitated by a previous hack targeting the open-source security tool Trivy, which the Commission inadvertently downloaded. The stolen data was subsequently posted online by another hacking group, ShinyHunters. CERT-EU, the EU's cybersecurity agency, is currently analyzing the data and has contacted affected organizations.
Why It's Important?
This incident underscores the growing threat of cybercriminal collaboration, as evidenced by the involvement of two separate hacking groups in the breach and subsequent data leak. The breach not only compromises the security of the European Commission's data but also poses a risk to at least 29 other EU entities and numerous internal clients. The exposure of personal data could lead to identity theft and other forms of cybercrime. Additionally, the breach highlights vulnerabilities in the supply chain of open-source security tools, which can be exploited by hackers to gain unauthorized access to sensitive systems. This incident serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to remain vigilant against evolving cyber threats.
What's Next?
The European Commission is expected to respond to the breach once it reopens next week. In the meantime, CERT-EU is working with affected organizations to mitigate the impact of the breach and prevent further data exposure. The incident may prompt a review of cybersecurity protocols and the implementation of additional safeguards to protect against similar attacks in the future. Organizations using open-source security tools may also need to reassess their security practices to prevent supply chain attacks. The breach could lead to increased scrutiny of the European Commission's cybersecurity measures and potentially result in policy changes to enhance data protection across the EU.







