ShinyHunters Breach European Commission’s Cloud Infrastructure, Stealing 340 GB of Data

CERT-EU confirmed that the ShinyHunters threat group executed a breach of the European Commission’s cloud infrastructure, resulting in the theft and subsequent leak of approximately 340 GB of data. The compromised dataset includes personal data such as names, last names, usernames, and email addresses, primarily linked to European Commission websites but potentially affecting users across multiple EU entities. The attack was enabled by a supply chain compromise involving Trivy, though no specific technical details or CVE IDs were disclosed. The breach was publicly acknowledged by CERT-EU, which is analyzing the leaked data to assess its scope and impact. No exact date for the breach was provided in the report.