The European Commission (EC) is investigating a data breach that may have given attackers access to some staff names and mobile phone numbers.
The incident, which occurred on January 30, impacted the central infrastructure managing mobile devices. The Commission revealed it was dealt with swiftly, with the incident contained and systems cleaned within nine hours.
No compromise of any mobile devices was detected.
"The Commission takes seriously the security and resilience of its internal systems and data and will continue to monitor the situation. It will take all necessary measures to ensure the security of its systems," it said in a statement.
"The incident will be thoroughly reviewed and will inform the Commission's ongoing efforts to enhance its cybersecurity capabilities."
“The stolen information could be used for phishing attacks, with social engineering campaigns targeting government officials having grown in popularity over the last few months, said Ross Filipek, CISO at Corsica Technologies.
"UK Parliamentarians were subject to Russian spear phishing attacks this past December which aimed to establish stealthy continuous monitoring of government activity," he said.
"A similar Iranian cyber espionage campaign targeted government and military officials last November, threatening highly sensitive global intelligence-sharing networks."
Incident comes in wake of Ivanti attacks
The incident comes just days after a recent breach of the Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) was revealed.
That attack is believed to be linked to Ivanti Endpoint Manager Mobile (EPMM), which manages an organization’s mobile devices. Ivanti has issued patches and an advisory for the two critical code injection vulnerabilities.
Tracked as CVE-2026-1281 and CVE-2026-1340, both were rated critical, with CVSS base scores of 9.8.
"Even if limited information was stolen, these attacks send a clear message of defiance from cyber criminal organizations, whose skills have grown rapidly with the introduction of new technologies and have led to a higher number of successful campaigns against government officials," warned Nick Tausek, lead security automation architect at Swimlane.
The attack follows EU proposals for new cybersecurity legislation aimed at strengthening defenses against state-backed and criminal threats.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Lenovo names Andy Rhodes as new general manager for UK&I
AI isn’t making work easier, it’s intensifying it
