European Commission discloses breach that exposed staff data

The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. The Commission said on Friday that it detected traces of a cyberattack targeting infrastructure that manages its staff's mobile devices. While the attackers may have accessed some staff members' personal information, including names and phone numbers, the Commission has not yet found evidence that their mobile devices were compromised. "On 30 January, the European Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members," it said. "The Commission's swift response ensured the incident was contained and the system cleaned within 9 hours. No compromise of mobile devices was detected." The breach comes on the heels of the Commission's proposal of new cybersecurity legislation on January 20 to strengthen defenses against state-backed and cybercrime groups targeting critical infrastructure. Although the Commission has not disclosed how attackers gained access to the mobile device management platform, the incident appears to be linked to similar attacks targeting European institutions that exploit vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software. The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) notified Parliament on Friday that their systems had been recently hacked in nearly identical breaches. They also confirmed the attackers exploited Ivanti EPMM vulnerabilities to access employee names, business email addresses, and telephone numbers. Valtori, a government agency of Finland's Ministry of Finance, also disclosed a breach on Thursday that may affect up to 50,000 users of the government's shared ICT services, saying the attackers exploited a zero-day vulnerability in its mobile device management service. Ivanti warned on January 29 of two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) that were exploited in zero-day attacks.