A threat actor claims to have breached at least one AWS cloud account operated by or on behalf of the European Commission, exfiltrating a claimed 350 GB of data that includes email server content and employee databases. The attacker has publicly stated they will not seek ransom and intend to leak the data, a posture consistent with information operations or state-adjacent activity rather than financially motivated cybercrime. If confirmed, the breach represents a significant exposure of EU institutional communications and personnel data, with potential downstream risk to partner organizations and third parties whose data transits Commission systems.