The European Commission confirmed on Friday that it is dealing with a serious cybersecurity incident after its websites and critical digital infrastructure were targeted in an attack earlier this week.

The incident occurred on Tuesday and affected the cloud environment supporting Europa.eu, the primary hosting platform for websites of key EU institutions.

According to the Commission, emergency response protocols were activated immediately upon detection of the breach, and “swift measures” were implemented to contain the threat. Officials managed to bring the situation under control within a short timeframe, limiting the spread across the broader system.

Early Findings Raise Concern

Preliminary findings from the ongoing investigation are raising concerns, as they suggest a potential data leak from affected websites. While the full scope of the breach remains unclear, the Commission acknowledged that the possibility of unauthorized data extraction from its public web infrastructure is being examined.

The attack impacted Europa.eu, which hosts not only European Commission websites but also those of the European Parliament, the Council of the European Union, and other EU bodies. This significantly heightens the sensitivity of the incident, given that the platform serves as the EU’s primary digital gateway for citizens and organizations.

Despite the severity of the attack, the Commission emphasized that its internal systems were not affected, reducing risks to core operations and confidential data.

Authorities have yet to identify those responsible, with investigations continuing.

The European Commission has already begun coordinating with potentially affected institutions and services, assuring that the situation is being closely monitored. A comprehensive technical analysis will follow, aimed at strengthening cybersecurity defenses and preventing similar incidents in the future.

Rising Cyber Threat Landscape

The incident comes amid a broader surge in cyber threats targeting European governments and businesses.

Its significance is underscored by previous cases, including a major data breach at the European Parliament in 2024 following an attack on its human resources system—highlighting persistent cybersecurity challenges faced by EU institutions.

Responsibility for safeguarding the EU’s digital infrastructure lies with CERT-EU, the bloc’s dedicated cybersecurity body operating under the European Commission.