European Commission ShinyHunters Cloud Breach via Trivy Supply Chain

Breach Date: 2026-03-19
Category: data-leak

Details

On March 19, 2026, ShinyHunters obtained an AWS API key belonging to the European Commission’s cloud environment via a prior compromise of the open-source security tool Trivy. This enabled unauthorized access to the EC’s AWS infrastructure. CERT-EU confirmed the breach on March 30, 2026, reporting that over 350 GB of data was exfiltrated, including emails and attachments, SSO user directory dumps, DKIM signing keys, AWS configuration snapshots, NextCloud/Athena data, and internal admin URLs. Data of at least 29 other EU entities may have been affected. The DKIM key theft enables ShinyHunters to forge authenticated emails from EU Commission domains. The breach is part of a broader ShinyHunters campaign targeting cloud credentials in 2026.

Technical Details

Initial Attack Vector: Attackers compromised the open-source security tool Trivy in a supply chain attack. A secret AWS API key associated with the European Commission's account was embedded in Trivy data and was extracted by ShinyHunters, enabling access to the EC's AWS cloud environment.
Vendor/Product: Amazon Web Services; Trivy (open-source container scanner)
Software Package: Trivy
Supply Chain Claimed: Yes