
Cyber Incident Victim: Emmanuel College

Date: Mar 2026

Location: United States of America

Summary

The supplied articles do not reference any cybersecurity incident involving Emmanuel College. Consequently, there is no basis for summarizing an event that pertains to that institution within the given context. All details presented relate to a breach affecting the European Commission's AWS environment via a compromised Trivy API key. No information about its systems, data, or threat activity is included in the provided sources. Therefore, a description of an incident at the college cannot be formulated from the available information.


Description

The European Commission confirmed on March 24 that hackers had stolen over 300 gigabytes of data from its Amazon Web Services environment after an API key was compromised in the Trivy supply chain attack carried out by the TeamPCP hacking group on March 19. The compromised API key had been obtained through a tainted version of the Trivy vulnerability scanner that the Commission received via normal software update channels. Using the stolen key, the attackers created and attached a new access key to a user account and began reconnaissance within the AWS account that forms part of the backend for the Europa.eu hosting service. This initial access granted them control over other AWS accounts affiliated with the European Commission and allowed them to launch TruffleHog to scan for additional secrets and validate credentials via the Security Token Service.
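The sequence described above (a new access key attached to a user account, followed by credential validation through the Security Token Service) can be hunted for in CloudTrail. The following is an added example, not part of the original page and not tooling from the incident. It assumes CloudTrail management events are available as parsed records and that validation shows up as `sts:GetCallerIdentity` calls (an assumption, since the page names only the service); the helper names, thresholds and sample records are constructed.

```python
from datetime import datetime, timedelta

def _ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def correlate(records, window=timedelta(hours=1), min_keys=2):
    """Flag successful CreateAccessKey events that target another user or are followed,
    from the same source IP, by GetCallerIdentity calls using several distinct keys."""
    records = sorted(records, key=_ts)
    findings = []
    for rec in records:
        if rec["eventName"] != "CreateAccessKey" or rec.get("errorCode"):
            continue  # failed attempts create no key
        start, ip = _ts(rec), rec["sourceIPAddress"]
        creator = rec["userIdentity"]["arn"]
        target = (rec.get("requestParameters") or {}).get("userName")
        # Distinct access keys that called STS from the creator's IP inside the window.
        keys = {r["userIdentity"].get("accessKeyId") for r in records
                if r["eventSource"] == "sts.amazonaws.com"
                and r["eventName"] == "GetCallerIdentity"
                and r["sourceIPAddress"] == ip
                and start <= _ts(r) <= start + window}
        keys.discard(None)
        cross_user = target is not None and not creator.endswith("/" + target)
        if cross_user or len(keys) >= min_keys:
            findings.append({"time": rec["eventTime"], "creator": creator,
                             "target_user": target, "cross_user": cross_user,
                             "new_key": rec["responseElements"]["accessKey"]["accessKeyId"],
                             "sts_keys_from_same_ip": sorted(keys)})
    return findings

def _rec(time, source, name, user, key, ip, **extra):
    # Hypothetical helper: builds one CloudTrail-style record with placeholder values.
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, **extra,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}",
                             "accessKeyId": key}}

IAM, STS = "iam.amazonaws.com", "sts.amazonaws.com"
SAMPLE = [  # constructed sample, not data from the incident
    _rec("2026-01-01T10:00:00Z", IAM, "CreateAccessKey", "ci-scanner", "AKIAEXAMPLEOLD00001",
         "203.0.113.10", requestParameters={"userName": "web-deploy"},
         responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLENEW00001"}}),
    _rec("2026-01-01T10:02:00Z", STS, "GetCallerIdentity", "web-deploy",
         "AKIAEXAMPLENEW00001", "203.0.113.10"),
    _rec("2026-01-01T10:03:00Z", STS, "GetCallerIdentity", "backup",
         "AKIAEXAMPLEFOUND001", "203.0.113.10"),
    _rec("2026-01-01T11:30:00Z", IAM, "CreateAccessKey", "alice", "AKIAEXAMPLEALICE001",
         "198.51.100.7", requestParameters={"userName": "alice"},
         responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLEALICE002"}}),
]
```

Calling `correlate(SAMPLE)` flags the first key creation and leaves the self-service rotation by `alice` alone; tune `window` and `min_keys` to the account's normal automation.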

With elevated privileges, the threat actor proceeded to exfiltrate data from the affected cloud environment, focusing on the websites hosted for the Europa web hosting service. The exfiltrated dataset amounted to approximately 340 gigabytes of uncompressed data and included personal information such as names, email addresses, and usernames primarily sourced from the European Commission’s own websites. The data covered up to seventy‑one clients of the Europa service, comprising forty‑two internal Commission entities and at least twenty‑nine other European Union organizations. On March 28, the ShinyHunters extortion group posted the stolen information on its Tor‑based leak site, making the material publicly accessible.

In addition to the main dataset, roughly 2.22 gigabytes of the stolen material, representing fifty‑one thousand nine hundred ninety‑two files, consisted of automated notifications and bounce‑back messages that could contain user‑submitted personal information. Upon discovering the breach, the European Commission revoked the compromised account’s rights, deactivated and rotated the associated credentials, and notified the relevant data protection authorities. The Commission also stated that its internal systems remained unaffected by the incident, while the analysis of the impacted databases continues due to the volume and complexity of the data involved.
