Europe’s cyber agency blames hacking gangs for massive data breach and leak

The EU's cybersecurity agency links a massive data breach to the hacking group TeamPCP, who stole 92GB of sensitive data from an AWS account of the European Commission. The stolen data, later leaked by another group, ShinyHunters, includes personal information of EU entities. The breach originated from a compromised security tool, marking a troubling trend of cybercriminal collaborations.

Key Points

• The breach was conducted by TeamPCP, a hacking group.
• 92GB of data was stolen from an AWS account used by the European Commission.
• The affected data includes personal emails and contact information.
• ShinyHunters leaked the stolen data online following the hack.
• The breach was possible due to the Commission downloading a compromised open source tool called Trivy, which led to the exposure of a secret API key.
• CERT-EU has reported that at least 29 other EU entities may be affected.

Relevance

• The incident highlights a trend of collaboration among hacking groups, similar to recent other major data breaches.
• In 2025, IT trends indicate increased focus on cybersecurity measures in the wake of rising cyber threats.
• The rise of supply chain attacks underscores the vulnerabilities in software development processes and the importance of securing open source tools.

This breach emphasizes the critical need for robust cybersecurity strategies and vigilance within the EU, particularly as cyber threats become more sophisticated and collaborative.