Cloud misconfigurations spike risk

The European Commission discovered the cloud intrusion on 24 March and issued a public press release about the incident on 27 March as an internal investigation continued. (ec.europa.eu, bloomberg.com) Early findings indicate attackers gained access to at least one Amazon Web Services account that hosts parts of the Europa.eu platform, and the Commission said data were taken from those websites while its internal IT systems were not affected. (ec.europa.eu, csoonline.com) A threat actor told reporters it exfiltrated over 350GB of Commission data — including multiple databases — and supplied screenshots to substantiate access. (csoonline.com, techcrunch.com) Amazon briefed media that AWS’s infrastructure was not compromised and that its services “operated as designed,” and Bloomberg reported the breach appears linked to compromised account credentials rather than an AWS platform failure. (csoonline.com, bloomberg.com) The March cloud incident comes after a January 30 detection of an intrusion into the Commission’s central mobile‑device management platform that may have exposed staff names and mobile numbers and was contained and cleaned within nine hours, according to prior disclosures and CERT‑EU updates. (brightdefense.com, bleepingcomputer.com) Industry analysis and incident reporting have highlighted identity and access management shortcomings, misconfigured cloud permissions, and insufficient cloud monitoring as likely contributing factors in the AWS account compromise. (coesecurity.com, csoonline.com)