The European Commission is investigating a cybersecurity breach after discovering that its mobile device management infrastructure was targeted in a cyberattack.
The Commission said it detected suspicious activity affecting systems used to manage mobile devices for its staff.
According to the Commission, traces of the attack were identified on January 30 within its central platform responsible for mobile device management. The incident may have allowed attackers to access limited personal information of some staff members, including names and mobile phone numbers. However, officials stressed that there is currently no evidence that staff mobile devices themselves were compromised.
In a statement, the Commission said its security teams acted quickly to contain the incident. The affected systems were isolated and cleaned within nine hours of detection, preventing further unauthorized access. Authorities emphasized that the swift response limited the scope and potential impact of the breach.
The incident comes shortly after the Commission proposed new cybersecurity legislation on January 20 aimed at strengthening protection against state-sponsored hackers and organized cybercrime groups. The proposed measures focus on safeguarding critical infrastructure and improving resilience across EU institutions.
Although the Commission has not disclosed the precise entry point used by attackers, the breach appears to be connected to a wider wave of attacks targeting European public institutions. These incidents have been linked to vulnerabilities in Ivanti Endpoint Manager Mobile, commonly known as EPMM.
On the same day, Dutch authorities confirmed similar breaches. The Dutch Data Protection Authority and the Council for the Judiciary told Parliament that attackers exploited the same EPMM vulnerabilities to access employee work-related data, including names, business email addresses, and phone numbers.
The National Cyber Security Center said it was alerted by Ivanti on January 29 about critical flaws in the software. Ivanti later confirmed that two zero-day vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, were actively exploited in the wild. These flaws allow remote attackers to execute arbitrary code on unpatched systems without authentication.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Ivanti’s software is widely used by governments and enterprises around the world to manage mobile devices, applications, and security policies. The scale of its customer base has raised concerns that the vulnerabilities could have far-reaching consequences beyond the currently known cases.
