EU Cyber Agency Attributes Major Data Breach to TeamPCP Hacking Group

The Record by Recorded Future
Apr 3, 2026

Why It Matters

The breach exposes critical vulnerabilities in the EU’s cloud infrastructure and supply‑chain security, prompting tighter regulatory scrutiny and urging organizations to reinforce credential management.

Key Takeaways

  • TeamPCP exfiltrated 92 GB from EU Commission AWS
  • 42 internal clients, 29 EU entities' data potentially exposed
  • Breach stemmed from compromised Trivy supply‑chain and API key
  • Stolen data surfaced on ShinyHunters dark‑web marketplace
  • Incident underscores need for robust cloud and supply‑chain security

Pulse Analysis

The European Commission relies on Amazon Web Services to host its Europa.eu portal, a hub for dozens of EU agencies and member‑state websites. When CERT‑EU disclosed a 92‑gigabyte data exfiltration on March 19, it revealed that a single compromised AWS API key gave attackers unfettered access to internal communications, client lists, and confidential documents. The breach illustrates how a supply‑chain weakness—in this case a tainted version of the open‑source scanner Trivy—can cascade into a full‑scale cloud intrusion, jeopardizing the integrity of a supranational institution.

TeamPCP, the group linked to the incident, has built a reputation for chaining together ransomware, cryptomining and data‑theft operations. By hijacking the Trivy update channel, the actors obtained the secret API credentials needed to pull data from the Commission’s AWS bucket and later posted the dump on the ShinyHunters dark‑web market. The rapid appearance of 52,000 email‑related files underscores the monetisation model of modern cybercrime, where stolen metadata is packaged for resale to spammers, extortionists, and nation‑state actors alike.

The fallout forces EU policymakers to reassess cloud‑security governance and supply‑chain vetting. Recommendations include mandatory signed binaries for critical tools, continuous monitoring of API usage, and zero‑trust segmentation of cloud workloads. For private enterprises, the episode serves as a cautionary tale: reliance on third‑party services must be paired with rigorous credential rotation and automated threat‑intelligence feeds. As the EU tightens its cybersecurity directives, organizations worldwide can expect stricter compliance requirements and heightened scrutiny of open‑source components.
