The European Commission’s breach of its AWS-hosted Europa.eu platform was not, according to CERT-EU, the result of an exposed public app or a noisy smash-and-grab against a website. The initial access came from somewhere much less visible: a compromised version of the Trivy security scanner delivered through normal update channels.
That detail matters more than the headline. Trivy is a defensive tool. In this case, CERT-EU says a malicious actor obtained an AWS secret on March 19, 2026 through the Trivy supply-chain compromise that Aqua Security had publicly attributed to TeamPCP. From there, the attacker created and attached a new access key to an existing user, ran reconnaissance, and eventually exfiltrated about 91.7 GB of compressed data from the affected cloud environment.
CERT-EU says alerts were detected on March 24, it was notified on March 25, and the European Commission publicly disclosed the incident on March 27. On March 28, the extortion group ShinyHunters published the stolen dataset on its leak site. The compromise affected infrastructure behind multiple Commission websites, and data from up to 71 clients of the Europa hosting service may be involved, including 42 internal Commission clients and at least 29 other Union entities.
Why this breach is more instructive than unusual
Supply-chain attacks are often discussed in abstract terms: bad package, poisoned update, compromised dependency. CERT-EU’s write-up gives a more operational picture of what that means in a cloud environment.
The attacker did not need to break into each target website one by one. They obtained a cloud secret, then used AWS-native access to move like a legitimate operator. CERT-EU says the stolen key had management rights over other AWS accounts affiliated with the Commission. Even though investigators found no evidence of lateral movement into other accounts, that level of access explains why the incident is bigger than a website breach. It was a control-plane problem.
There is a second lesson here. Security tooling inside CI/CD pipelines often has privileged visibility by design. It scans builds, checks images, and sometimes runs in environments that already hold deployment credentials or can reach secrets needed later in the workflow. If that tool or action is compromised, the attacker inherits exactly the trust that made the tool useful in the first place.
A concrete way to think about it
A simple scenario looks like this: a team uses Trivy in a GitHub Actions pipeline to scan containers before deployment. The workflow also has access to AWS credentials because the same pipeline eventually needs to publish artifacts or update infrastructure. The scan step still appears routine, but the compromised action quietly exfiltrates the credentials. A few days later, the attacker uses those credentials to create a fresh access key, validate identity through AWS STS, and start pulling data.
That is close to the chain described across CERT-EU’s incident post and Aqua Security’s advisory. Aqua said TeamPCP’s tooling was built to operate inside CI/CD pipelines and exfiltrate harvested secrets through several channels, including typosquatted domains, GitHub repositories, and Cloudflare tunnels. CERT-EU’s recommendation to search for those artifacts is a clue to the kind of intrusion defenders now need to expect: not just malware on endpoints, but subtle abuse inside build systems that are supposed to improve security.
What data was exposed, and why that creates a second-stage risk
The breach is still being analyzed, but CERT-EU has already confirmed personal data in the published material, including names, usernames, and email addresses. It also identified at least 51,992 outbound email-related files totaling 2.22 GB. Most were automated notifications, but some bounce-back messages may contain original user-submitted content.
That last point is easy to overlook. When published data includes contact details and fragments of actual communications, the breach does not stop at disclosure. It can become fuel for targeted phishing, impersonation, and social-engineering campaigns against staff, contractors, partner agencies, or members of the public who have interacted with affected sites.
CERT-EU explicitly warns organizations to monitor for secondary exploitation of the disclosed data. That is practical guidance, not boilerplate. Once a dataset is public, the defensive question shifts from containment alone to who can weaponize the contents next.
What the European Commission appears to have done right
The Commission’s response, as described by CERT-EU, was fairly direct. It revoked the compromised account’s rights, deactivated or deleted compromised access keys, notified relevant data protection authorities, and began direct outreach to impacted clients on March 31. Its March 27 press release also said internal systems were not affected.
There is an institutional point here too. CERT-EU notes that the incident was reported under the EU Cybersecurity Regulation, which requires significant incidents to be disclosed without undue delay. That reporting framework does not prevent breaches, but it does improve the odds that affected entities, counterpart agencies, and the wider security community learn from the same event while it is still operationally relevant.
What other organizations should actually change
CERT-EU’s mitigation list is worth reading because it is specific and not especially glamorous. The immediate items are the ones many teams skip until after an incident:
- Update Trivy to a known-safe version and audit where it is deployed, including CI/CD pipelines.
- Rotate AWS secrets and credentials that may have been exposed during the compromise window.
- Pin GitHub Actions to full commit SHA hashes rather than mutable tags.
- Review CloudTrail for anomalous STS calls, new access keys on existing users, and signs of reconnaissance or lateral movement.
- Hunt for exfiltration artifacts tied to TeamPCP infrastructure.
The broader recommendation is stricter separation between pipeline tasks and cloud privileges. Many organizations still let CI/CD systems hold credentials that are too broad, too long-lived, or too easy to reuse. When that happens, a compromise in a scanner, action, or helper utility does not stay inside the pipeline. It jumps straight into infrastructure administration.
This is why the Commission breach should be read less as a story about one victim and more as a warning about a common architecture pattern. Modern teams increasingly centralize trust in automation. That is efficient, but it also means a single poisoned dependency in the build chain can expose far more than the narrow task it was meant to perform.
What to watch next
The unresolved piece is scope. CERT-EU says analysis of databases linked to hosted websites is still underway, and the full exposure picture will take time because of the volume and complexity of the data. That means the most important developments from here may not be new breach theatrics, but quieter updates about exactly which datasets were affected and whether the published material leads to follow-on abuse.
For everyone else, the immediate takeaway is simpler. If a security tool in your pipeline can see cloud credentials, it is part of your attack surface in the fullest sense. The European Commission incident is a sharp reminder that “trusted update” and “security product” are no longer reassuring categories on their own.
Sources: CERT-EU incident analysis and Aqua Security advisory.