EU investigating ‘IT security incident’ involving multiple agencies

Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday.

The scope and nature of the incident were not immediately clear, but a spokesperson for the European Commission, the EU’s executive branch, said the commission had set up a “24/7 monitoring service” in response to the incident.

“The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure,” the commission spokesperson said in an email.

A spokesperson for the European Parliament said the parliament and other EU bodies had “received an alert on [a] possible vulnerability in its IT infrastructure.” The parliament “took immediate measures to check and protect its servers against this vulnerability,” the spokesperson said.

As a 27-country bloc that affects trade and foreign policy on the continent, EU institutions are natural targets for hackers of all stripes. A 2018 alleged Chinese hacking operation targeted the cables of European diplomats, private sector researchers claimed then.

More recently, in December, unidentified hackers breached the European medicines regulator, which oversees the rollout of coronavirus vaccines.  

The commission is working with CERT-EU, the bloc’s office for responding to hacking incidents, and the IT vendor whose software is involved in the incident, the commission spokesperson said. The spokesperson did not identify the IT vendor.

“At this stage, it is too early to provide any conclusive information relating to the attack vector and scope of the incident,” the statement reads.

EU employees were recently warned internally about phishing attempts, Bloomberg News reported, citing an official familiar with the matter.