What's Happening?
The European Commission (EC) has confirmed a significant data breach involving over 300GB of data stolen from its AWS environment. This breach was linked to a compromised API key in the Trivy supply chain attack. The incident, which occurred on March 24, was initially disclosed on March 27. Hackers accessed the AWS account, part of the backend for the Europa.eu hosting service, which supports public websites for the EC and other European Union entities. The breach was facilitated by a compromised version of Trivy, a vulnerability scanner, which the EC had received through normal software update channels. The attackers, identified as the TeamPCP hacking group, used the compromised AWS key to create and attach a new access key to a user account, allowing them to conduct reconnaissance and exfiltrate data. The stolen data, which includes personal information such as names, email addresses, and usernames, was later added to a Tor-based leak site by the ShinyHunters extortion group.
Why It's Important?
This data breach highlights the vulnerabilities in supply chain security and the potential risks associated with using compromised software. The breach affects not only the European Commission but also multiple EU entities, potentially compromising sensitive personal information of numerous individuals. The incident underscores the importance of robust cybersecurity measures and the need for organizations to ensure the integrity of their software supply chains. The breach could have significant implications for data protection and privacy regulations within the EU, prompting a reevaluation of current security protocols and practices. Additionally, it raises concerns about the potential misuse of the stolen data, which could lead to further security incidents or exploitation.
What's Next?
In response to the breach, the European Commission has revoked the compromised account's rights, deactivated and rotated the compromised credentials, and notified relevant data protection bodies. The Commission is conducting an analysis of the affected databases, a process expected to take considerable time due to the volume and complexity of the data involved. Moving forward, the EC and other affected entities may need to enhance their cybersecurity frameworks and implement more stringent supply chain security measures to prevent similar incidents. The breach may also lead to increased scrutiny and regulatory actions concerning data protection and cybersecurity practices within the EU.






