European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
The European Commission has confirmed a data breach linked to the Trivy supply chain attack, resulting in the theft of over 300GB of data from its AWS environment. The breach, which occurred on March 24, exposed personal information such as names, email addresses, and usernames from the EC's websites and those of other EU entities.
The European Commission suffered a data breach after hackers stole an API key in the Trivy supply chain attack. The key was used to access an AWS cloud account, which is part of the backend for the Europa.eu hosting service. Hackers created a new access key and carried out reconnaissance. The breach exposed 300GB of data, including personal information from the EC's websites and other EU entities. The data was stolen on March 24 and added to a Tor-based leak site on March 28. The EC has revoked the compromised account's rights and notified data protection bodies.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.