EC discloses potential data breach after cyberattack on mobile infrastructure

Attackers have hacked into a system used by the European Commission to manage employees’ mobile devices. Personal information about staff members may have been stolen during the attack.

“On 30 January, the European Commission’s central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members,” the executive branch of the EU says in a statement.

The breach was detected by the Commission’s internal monitoring systems. The affected systems were contained and cleaned within 9 hours. According to cybersecurity employees no mobile devices were compromised as a result of the cyberattack.

The Commission affirms its commitment to the security and resilience of its internal systems. It also promises to monitor the situation closely and to take all necessary measures to ensure the security of its systems.

“The incident will be thoroughly reviewed and will inform the Commission’s ongoing efforts to enhance its cybersecurity capabilities,” the regulator concludes. Lastly, it promises to further strengthen the EU’s cybersecurity resilience and capabilities.

Although the European Commission didn’t specify which system was affected, the warning appeared on the same day Arno Rutte, Minister for Legal Protection in the Netherlands, announced that the Dutch privacy and data protection authority had been hacked by an unauthorized party who accessed employee data by exploiting known vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), a security software suite used to remotely manage mobile devices, apps, and content.

Recently, Ivanti released security updates for two vulnerabilities that are being actively exploited by hackers: CVE-2026-1281 and CVE-2026-1340. These exploits allow unauthenticated users to perform a remote code execution (RCE) on unpatched servers, providing persistent access to the system and letting attackers steal data or gain control over the system.