The European Commission’s central mobile device management infrastructure was hit by a cyberattack on January 30 that may have exposed staff names and mobile numbers, but the system was contained and cleaned within nine hours with no compromise of mobile devices detected. Observers suspect a link to a Dutch campaign exploiting critical Ivanti Endpoint Manager Mobile (EPMM) zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) that affected Dutch agencies and spurred calls for stronger EU cybersecurity measures. #EuropeanCommission #EPMM
Keypoints
- The European Commission detected traces of a cyberattack on its mobile management infrastructure on January 30.
- The Commission contained and cleaned the affected system within nine hours and reported no mobile device compromise.
- Security observers linked the incident to simultaneous Dutch attacks exploiting Ivanti EPMM zero-day vulnerabilities CVE-2026-1281 and CVE-2026-1340.
- The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) reported unauthorized access to employee contact data and took immediate mitigation and notification steps.
- The incident reinforced the EU’s push for stronger cybersecurity controls, including the Cybersecurity Package and Cybersecurity Act 2.0 with a Trusted ICT Supply Chain framework.
Read More: https://thecyberexpress.com/european-commission-mobile-cyberattack/