CERT-EU Attributes European Commission Hack to TeamPCP, Data Leak to ShinyHunters

Europe's central cybersecurity agency has formally attributed a significant breach of the European Commission to specific, high-profile cybercrime groups. In a clear and direct assessment, CERT-EU has identified the cybercrime group TeamPCP as responsible for the initial hack. The subsequent, and often more damaging, act of leaking the stolen data online has been pinned on the notorious ShinyHunters gang. This dual-attribution provides a rare, official glimpse into the operational chain of a major attack on a core EU institution, moving beyond generic warnings to name specific threat actors.

The breach represents a direct compromise of the European Commission's digital infrastructure, though the full scope of the stolen data remains under investigation. The involvement of ShinyHunters is particularly significant, as this group has a well-established reputation for aggressively selling or publishing vast datasets from previous high-profile victims across the corporate and government sectors. Their role suggests the stolen Commission data was deemed valuable enough for public distribution or sale on criminal forums, amplifying the potential reputational and operational fallout.

This official attribution by CERT-EU places intense scrutiny on the security posture of one of the EU's most critical administrative bodies. It signals to other European institutions and member states that sophisticated, coordinated cybercrime operations are actively targeting them. The incident will likely trigger internal security reviews and increase pressure for enhanced defensive coordination across the bloc's digital networks, as the line between data theft and strategic public leaking becomes a standard threat model.