The Commission reported the incident last Friday, having discovered it earlier in the week. The attack affected the Commission’s public website platform europa.eu based on Amazon Web Services. Data pertaining to at least 29 other EU entities may be affected, CERT-EU said.
Commission spokesperson Thomas Regnier told reporters earlier this week that the data in question was “potentially already in the public domain.”
The technical analysis on Thursday confirmed reports that the notorious cybercriminal group ShinyHunters sold the data, which the hackers claimed included “data dumps of mail servers, confidential documents, contracts and much more sensitive material.”
“On March 28, the data extortion group ShinyHunters made the stolen data publicly available on their dark web leak site,” CERT-EU said. “The published dataset was approximately 91.7 GB compressed (340 GB uncompressed),” it added.