A threat actor claims to have compromised at least one AWS cloud account associated with the European Commission, exfiltrating a claimed 350 GB of email server content and employee records with stated intent to leak rather than ransom. The attack vector appears to be authentication or credential-based cloud account compromise (CWE-287); a possible Ivanti EPMM exploitation vector has been inferred by some reporting but is not confirmed. This item is T3-sourced with no official Commission disclosure as of reporting date; organizations sharing data with EU Commission systems or operating similar AWS environments should audit IAM configurations, enforce MFA, and review CloudTrail for data-plane exfiltration indicators.