The European Commission has been hit by a major data breach at the European Commission, attributed to cybercrime group TeamPCP. The group used a supply chain attack on the open-source security tool Trivy to steal 92 GB of compressed data from the Commission's Amazon infrastructure. The data, which included emails and personal details from up to 71 clients across EU institutions, was published online by the notorious ShinyHunters gang. The breach exposes the fragility of the open source software supply chain that supports the security tools governments rely on. CERT-EU attributed the breach to a cybercriminal group that has spent six weeks systematically compromising the tools organisations use to defend themselves. The stolen data relates to websites hosted for up to 72 clients of the Europa.eu web hosting service, 42 internal European Commission clients and at least 29 other EU entities.