European Commission Investigates Breach in Mobile Device Management Platform

First reported

09.02.2026 11:49

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The European Commission is investigating a breach in its mobile device management platform, which may have exposed staff personal information. The attack was detected on January 30, 2026, and contained within 9 hours. The breach is linked to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, similar to recent attacks on Dutch institutions. The compromised data includes names, phone numbers, and business email addresses of staff members. The Commission's response included cleaning the system, but no compromise of mobile devices was detected. The incident follows the Commission's proposal of new cybersecurity legislation to strengthen defenses against state-backed and cybercrime groups.

Timeline

09.02.2026 11:49 1 articles · 13h ago

European Commission Detects Breach in Mobile Device Management Platform
On January 30, 2026, the European Commission detected a cyberattack on its mobile device management platform, which may have exposed staff personal information. The incident was contained and the system cleaned within 9 hours. The breach is linked to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, similar to recent attacks on Dutch institutions. The compromised data includes names, phone numbers, and business email addresses of staff members.
Show sources

European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
Open in new tab

Information Snippets

The European Commission detected a cyberattack on its mobile device management platform on January 30, 2026.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
The breach may have exposed staff names and mobile numbers but did not compromise mobile devices.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
The incident was contained and the system cleaned within 9 hours.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
The attack is linked to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
Similar breaches were reported by the Dutch Data Protection Authority and the Council for the Judiciary.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
Ivanti warned of two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in EPMM that were exploited in zero-day attacks.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49
The vulnerabilities allow remote attackers to execute arbitrary code on unpatched devices without authentication.
First reported: 09.02.2026 11:49

1 source, 1 article
Show sources
- European Commission discloses breach that exposed staff data — www.bleepingcomputer.com — 09.02.2026 11:49

Summary

Timeline

European Commission Detects Breach in Mobile Device Management Platform

Information Snippets