The European Commission has confirmed that it was targeted by a cyberattack on 24 March, affecting parts of its cloud infrastructure used to host websites on the Europa.eu

platform.

According to officials, emergency measures were deployed immediately after the breach was detected. The rapid response helped contain the incident and ensured that public-facing websites remained accessible, avoiding disruption for users across the European Union.

Preliminary findings indicate that data may have been extracted from affected web services. Authorities are currently notifying EU bodies that could have been impacted, while a full investigation into the scope and consequences of the breach remains ongoing.

Importantly, the Commission emphasized that its internal systems were not compromised. Monitoring efforts continue as cybersecurity teams assess risks and reinforce protections. The institution has also pledged to use lessons from the incident to strengthen its digital defenses.

The attack comes at a time when Europe is facing an increasing number of cyber and hybrid threats aimed at critical infrastructure and democratic institutions. In response, the Commission has been intensifying efforts to improve resilience across the bloc.

The EU has already rolled out several major cybersecurity initiatives, including the NIS2 Directive, the Cyber Solidarity Act, and the Cybersecurity Regulation. Together, these measures aim to standardize cybersecurity practices, enhance cross-border cooperation, and improve rapid response capabilities to large-scale incidents.

Earlier this year, on 20 January 2026, the Commission also introduced a new cybersecurity package designed to further strengthen the EU’s collective defenses.

Additional context: cyberattacks in the EU

Cyberattacks across the European Union have been rising steadily in both frequency and sophistication. Recent years have seen major incidents targeting healthcare systems, energy providers, financial institutions, and even government administrations.

For example, ransomware campaigns have disrupted hospitals in countries like Germany and France, while phishing and state-backed espionage operations have increasingly targeted EU institutions themselves. Security agencies have also warned about hybrid threats—where cyberattacks are combined with disinformation campaigns—aimed at undermining public trust and political stability.

According to EU cybersecurity authorities, attacks linked to critical infrastructure have become a top concern, especially in the context of geopolitical tensions. The war in Ukraine has further highlighted the strategic role of cyber warfare, with spillover risks affecting neighboring EU states.

To counter these threats, the EU is investing in coordinated defense mechanisms such as shared threat intelligence, rapid response teams, and large-scale monitoring systems. Initiatives like the planned European Cyber Shield are expected to significantly enhance early detection and collective response capabilities across member states.

Overall, the latest incident involving the Commission underscores a broader reality: cyber threats are no longer isolated events but a constant challenge requiring continuous vigilance and cooperation at the European level.