European Commission Investigates Breach in Mobile Device Management Platform

2 unique sources, 3 articles

Summary

The European Commission has confirmed a second breach affecting its Amazon cloud infrastructure, which hosted its Europa.eu platform, occurring on March 24, 2026. A threat actor, identified as ShinyHunters, claims to have stolen over 350GB of data, including databases, confidential documents, employee PII, DKIM keys, internal admin URLs, NextCloud data, and military financing data. The attacker stated no intention to extort the Commission but warned of potential secondary impacts such as identity risk and spear-phishing attacks. The breach was contained within hours, and the Commission is notifying affected entities while investigating the full impact. This follows the January 30, 2026 breach of the Commission’s mobile device management platform, linked to Ivanti EPMM vulnerabilities, which exposed staff names, phone numbers, and business email addresses and was contained within 9 hours.

Timeline

  1. 09.02.2026 11:49 3 articles · 1mo ago

    European Commission Detects Breach in Mobile Device Management Platform

    On January 30, 2026, the European Commission detected a cyberattack on its mobile device management platform, which may have exposed staff personal information. The incident was contained and the system cleaned within 9 hours. The breach is linked to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, similar to recent attacks on Dutch institutions. The compromised data includes names, phone numbers, and business email addresses of staff members.

    On March 24, 2026, the Commission confirmed a second breach targeting its Amazon cloud infrastructure hosting the Europa.eu platform. The attack was contained within hours, and the Commission took immediate steps to investigate and mitigate risks. The threat actor, ShinyHunters, claimed responsibility, alleging theft of over 350GB of data, including mail server dumps, databases, confidential documents, contracts, DKIM signing keys, internal admin URLs, NextCloud data, and military financing data. The Commission stated that its internal systems were not impacted and is notifying affected entities while analyzing the full impact. Early findings suggest data from the Europa websites may have been taken.

Similar Happenings

Telus Digital Breach by ShinyHunters

Telus Digital, the business process outsourcing (BPO) arm of Canadian telecommunications provider Telus, has confirmed a security breach after threat actors known as ShinyHunters claimed to have stolen nearly 1 petabyte of data. The breach, which involved unauthorized access to a limited number of Telus Digital's systems, is currently under investigation. ShinyHunters claims to have accessed a wide range of customer data related to Telus' BPO operations and call records for Telus' consumer telecommunications division. The threat actors reportedly used Google Cloud Platform credentials discovered in data stolen during the Salesloft Drift breach to gain initial access. Telus has engaged cyber forensics experts and is working with law enforcement to manage the situation.

CarGurus data breach exposes 12.4 million records

The ShinyHunters extortion group has leaked personal information from 12.4 million CarGurus accounts. The data includes email addresses, phone numbers, physical addresses, and financial application details. CarGurus has not confirmed the breach, but HaveIBeenPwned (HIBP) has verified the dataset, noting that 3.7 million records are new. The leaked data could be used for phishing attacks. CarGurus is a U.S.-based digital auto platform with an estimated 40 million monthly visitors. The breach follows a pattern of similar attacks by ShinyHunters, who often use social engineering to gain access to SaaS platforms like Salesforce and Microsoft 365.

Optimizely Data Breach After Vishing Attack

An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals, stemming from a marketing tool inherited in a 2021 acquisition. ShinyHunters claimed the theft of 12GB of files containing PII and corporate data, releasing it after failed extortion attempts. The company emphasized no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involvement. Earlier in February, Optimizely disclosed a similar breach following a voice phishing attack that compromised basic business contact information. Both incidents underscore the continued exploitation of vishing tactics by ShinyHunters to gain initial access to organizations, with impacts focused on contact data rather than deeper system compromise.

ShinyHunters Leak 600K Canada Goose Customer Records

ShinyHunters, a data extortion group, claims to have stolen over 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose has not found evidence of a breach in its own systems but is investigating the dataset, which includes customer names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and partial payment card information. The data could be used for targeted phishing, social engineering, and fraud. ShinyHunters denies any link to recent SSO attacks, claiming the data originated from a third-party payment processor breach in August 2025.

Betterment Data Breach Exposes 1.4 Million Accounts

A data breach at Betterment, a fintech firm managing $65 billion in assets, exposed personal information of 1.4 million accounts. The breach, occurring in January 2026, involved stolen email addresses, names, geographic data, dates of birth, physical addresses, phone numbers, device information, and employment details. The attackers also sent fraudulent emails attempting to lure customers into a cryptocurrency scam. Betterment confirmed no customer accounts or login information were compromised, but the breach included significant contact information.