European Commission Cloud Hack by TeamPCP Exposes Data from 29 EU Entities
Summary
CERT-EU attributed a cloud hack of the European Commission to the TeamPCP threat group, exposing data from at least 29 other EU entities. The breach represents a significant compromise of European Union institutional data. Investigations are ongoing to determine the full scope of the incident.
Threat Analysis
On April 3, 2026, the European Union's Cybersecurity Service (CERT-EU) attributed a cloud infrastructure hack of the European Commission to the TeamPCP threat group. The breach exposed data from at least 29 other Union entities, making it one of the most significant compromises of EU institutional data in recent years. The attack targeted cloud-hosted systems and leveraged the interconnected nature of EU institutional cloud infrastructure to pivot across multiple organizations.
TeamPCP is a sophisticated threat actor with a history of targeting government and intergovernmental organizations. The full scope of data exfiltrated is still under investigation. Affected data may include internal communications, policy documents, and potentially sensitive diplomatic or regulatory information.
Mitigations: EU entities should immediately audit cloud access logs for unauthorized access, rotate credentials for all cloud service accounts, implement enhanced monitoring for lateral movement in cloud environments, and review cross-entity data sharing permissions. Organizations should also verify the integrity of data stored in shared cloud environments.