1. Forum
  2. tqwNet
  3. TQW GENTECH

  • EU cyberattack may have been worse than we thought - 90GB of data

    From TechnologyDaily@1337:1/100 to All on Friday, April 03, 2026 13:30:28
    EU cyberattack may have been worse than we thought - 90GB of data published online as 30 entities hit

    Date:
    Fri, 03 Apr 2026 12:15:00 +0000

    Description:
    CERT-EU is blaming TeamPCP for the attack, saying the Trivy breach trickled down.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Cyberattack hit nearly 30 EU entities via Trivy update TeamPCP stole AWS keys, enabling large-scale data exfiltration ShinyHunters leaked 340GB of sensitive Commission-related data The recent cyberattack on the European Commission (EC) may have been a lot worse than initially thought, as we now know it affected almost 30 different European Union (EU) entities.

    In an updated security notice, the European Unions Cybersecurity Service (CERT-EU) blamed the intrusion on TeamPCP, and shared more details about what had happened. The attack saw TeamPCP, a relatively unknown threat actor, manage to get a malicious version of Trivy into the update stream that users trust. Trivy is an open source security scanner built by Aqua Security to detect vulnerabilities and misconfigurations. This malicious version allowed TeamPCP to obtain an Amazon Web Services (AWS) API key of the European Commission, which granted them control over other AWS accounts affiliated
    with the EC. Article continues below You may like European Commission
    confirms platform data breach admits 'data have been taken' from official websites TfL admits 2024 cyberattack may have affected over 10 million people
    personal customer info stolen, here's what we know so far Eurail confirms stolen traveler data is on sale in the dark web - and it still doesn't know who is behind the attack TeamPCP Amazon confirmed this was not a breach of
    its own systems and that it operates as it should.

    Using the stolen AWS secrets, TeamPCP exfiltrated data from the affected
    cloud environment , the EC then confirmed. The exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service: 42 internal clients of the European Commission, and at least 29 other Union entities.

    It doesnt name which entities those are, but some of the more notable ones include the European Parliament, Council of the European Union, and the European External Action Service. Other agencies that may have been affected include the European Medicines Agency, European Banking Authority, ENISA, or Frontex.

    Soon after news of the breach broke, a group known as ShinyHunters claimed
    the incident, saying they nabbed data dumps of mail servers, databases, confidential documents, contracts, and much more sensitive material. In
    total, the hackers posted 340GB of data, compressed into a 91.7GB archive.
    Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses, predominantly from the European Commissions websites but potentially pertaining to users across multiple Union entities, EU-CERT said.

    The dataset also contains at least 51,992 files related to outbound email communications, the majority of which are automated notifications with little to no content.

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/eu-cyberattack-may-have-been-worse-than -we-thought-90gb-of-data-published-online-as-30-entities-hit


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)