European Commission Suffers Major Data Breach via Trivy Tool Poisoning

The European Commission experienced a significant data breach due to a supply chain attack on the open-source security tool Trivy. Hackers stole 92 GB of compressed data, including personal information and staff emails, from the Commission's AWS infrastructure.
Aryan Mehta
thegreylens.com

A sophisticated supply chain attack, orchestrated by the cybercrime group TeamPCP, has resulted in a major data breach at the European Commission. The attackers successfully poisoned the Trivy open-source security scanner, gaining unauthorized access to the Commission's cloud infrastructure hosted on Amazon Web Services (AWS). CERT-EU, the European Union's computer emergency response team, attributed the breach to TeamPCP's efforts over the past six weeks to compromise tools organizations use for their defense.

The attack commenced on March 19 when the European Commission inadvertently downloaded a compromised version of Trivy, a widely used vulnerability scanner maintained by Aqua Security. TeamPCP exploited an incomplete credential rotation following an earlier breach of Trivy's GitHub repository in late February. This residual access allowed them to push malicious code into multiple versions of the trivy-action repository. When the Commission's automated security pipeline fetched the tainted update, malware harvested an AWS API key, providing the attackers with a gateway into the Commission's cloud account.
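A pipeline that references a third-party action by tag or branch runs whatever upstream currently publishes under that name, whereas a reference pinned to a full commit SHA cannot be changed by a later push. The following check is an added example, not code from the article, Aqua Security or CERT-EU; it flags mutable `uses:` references in a GitHub Actions workflow, and the workflow text, tag and SHA values in it are constructed.

```python
import re

# Constructed sample workflow; the tag and SHA values are illustrative only.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Scan image
        uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/report
      - uses: docker://ghcr.io/example/tool:latest
"""

# A `uses:` key at the start of a line, optionally as the first key of a step.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify(ref):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` reference."""
    if ref.startswith("./"):
        return "local"  # action code comes from the same repository checkout
    if ref.startswith("docker://"):
        # A container image is immutable only when addressed by digest.
        return "pinned" if "@sha256:" in ref else "mutable"
    _, sep, version = ref.partition("@")
    if sep and FULL_SHA_RE.match(version):
        return "pinned"  # full commit SHA: a later push cannot change it
    return "mutable"     # tag, branch or short SHA: upstream can repoint it

def audit_workflow(text):
    """Return (line_number, reference) for every mutable reference in text."""
    findings = []
    for match in USES_RE.finditer(text):
        ref = match.group(1)
        if classify(ref) == "mutable":
            line_no = text.count("\n", 0, match.start(1)) + 1
            findings.append((line_no, ref))
    return findings

if __name__ == "__main__":
    for line_no, ref in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to an immutable reference")
```

Pinning fixes which commit runs; it does not vouch for that commit, so the pinned revision still needs review before it is adopted.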

The breach led to the theft of approximately 92 gigabytes of compressed data. This data included personal information and email contents belonging to staff across numerous EU institutions. Subsequently, the notorious ShinyHunters gang published this stolen data, further exacerbating the incident. The compromised data reportedly includes emails and personal details from up to 71 clients across various EU institutions, highlighting the extensive reach of the attack.

This incident underscores the critical vulnerabilities inherent in the open-source software supply chain, which forms the backbone of many security tools relied upon by governments and organizations worldwide. The European Commission's breach serves as a stark reminder of the need for enhanced security measures and diligent oversight of the third-party software and tools integrated into critical infrastructure.

---

This article was researched and written with AI assistance based on publicly available news sources. All content is reviewed for accuracy by The GreyLens editorial team. For corrections or feedback: news@thegreylens.com