On 30 January, the European Commission’s central infrastructure for managing mobile devices identified signs of a cyber-attack that may have resulted in unauthorised access to the names and mobile numbers of some staff members. The Commission responded swiftly, successfully containing the incident and restoring the system within nine hours, with no evidence of compromised mobile devices.
The European Commission places a high priority on the security and resilience of its internal systems and data. CERT-EU is the EU’s central cybersecurity service, providing 24/7 threat monitoring and rapid incident response. Governed by the Interinstitutional Cybersecurity Board, it ensures high security standards.
On 20 January, the Commission launched a Cybersecurity Package, including the Cybersecurity Act 2.0 for a Trusted ICT Supply Chain. The NIS2 Directive establishes a legal framework for cybersecurity in 18 sectors, while the Cyber Solidarity Act enhances cooperation to address large-scale cyber threats.
Ongoing monitoring of the situation will continue, and all necessary measures will be taken to safeguard these systems. A comprehensive review of the incident will be conducted and will contribute to the Commission’s continual efforts to enhance its cybersecurity capabilities.
As the European landscape faces persistent threats from cyber and hybrid attacks targeting essential services and democratic institutions, the Commission remains committed to strengthening the EU’s cybersecurity resilience and overall capabilities.
