TeamPCP Threat Group Breaches European Commission Cloud, Exposes 29 EU Entities

The European Union's Cybersecurity Service (CERT-EU) attributed a significant cyberattack on the European Commission's cloud infrastructure to the TeamPCP threat group. The attack, which occurred on March 24, 2026, targeted the cloud infrastructure hosting the Europa web platform and resulted in data theft from at least 29 EU entities. While internal systems were reportedly not impacted, the breach exposed sensitive data from multiple EU governmental organizations. The European Commission has been dealing with multiple cybersecurity incidents in 2026, including a staff data breach in February. The TeamPCP group appears to be a sophisticated threat actor with the capability to compromise major governmental cloud infrastructure. EU organizations should review their cloud security posture, implement zero-trust architecture, enhance monitoring of cloud environments, and ensure proper data classification and access controls are in place.