European Commission probes data breach after threat actor claims to have stolen 350 GB from its AWS account

A threat actor gained unauthorized access to at least one Amazon Web Services account belonging to the European Commission, prompting an investigation by the EU executive body's cybersecurity incident response team, with AWS confirming its own infrastructure was not compromised. The attacker contacted BleepingComputer claiming to have stolen over 350 GB of data, including multiple databases and information from an email server used by Commission employees, and said they intend to leak the data online rather than use it for extortion. The incident is the Commission's second breach in two months, following a January hack of its mobile device management platform linked to Ivanti EPMM vulnerability exploits also targeting other European institutions.