6 February 2026 15:46 UTC · European Commission · EU Commission Press Release · Source · Email X Link

European Commission reports cyber-attack on central mobile infrastructure

Key points

Reports traces of cyber-attack on central mobile infrastructure
Says incident contained within nine hours; no mobile devices compromised

TL;DR

Reports traces of a cyber-attack on its central mobile infrastructure detected on 30 January.
Says the incident was contained and the system cleaned within nine hours and that no mobile devices were compromised.
Reports possible access to some staff names and mobile numbers.
Notes CERT-EU role and cites the Cybersecurity Package (Cybersecurity Act 2.0, NIS2, Cyber Solidarity Act) to strengthen EU resilience.

Original text

European Commission - Press release Commission responds to cyber-attack on its central mobile infrastructure Brussels, 6 February 2026 On 30 January, the European Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members. The Commission's swift response ensured the incident was contained and the system cleaned within 9 hours. No compromise of mobile devices was detected. The Commission takes seriously the security and resilience of its internal systems and data and will continue to monitor the situation. It will take all necessary measures to ensure the security of its systems. The incident will be thoroughly reviewed and will inform the Commission's ongoing efforts to enhance its cybersecurity capabilities. As Europe faces daily cyber and hybrid attacks on essential services and democratic institutions, the Commission is committed to further strengthen the EU's cybersecurity resilience and capabilities. Background CERT-EU acts as the central cybersecurity service for all Union institutions, bodies, and agencies. To ensure continuous protection, CERT-EU provides 24/7 threat monitoring, automated alert systems, and rapid incident response to neutralise vulnerabilities before they can be exploited. This operational work is governed by the Interinstitutional Cybersecurity Board (IICB), which streamlines coordination, sets high common security standards, and monitors the implementation of strict cyber-hygiene rules across the EU administration. On 20 January 2026, the Commission introduced a new Cybersecurity Package to bolster the Union's collective defences. A central pillar of this initiative is the Cybersecurity Act 2.0, which introduces a framework for a Trusted ICT Supply Chain to mitigate risks from high-risk suppliers. These measures are supported by the NIS2 Directive , which establishes a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU. It also calls on Member States to define national cybersecurity strategies and collaborate with the EU for cross-border reaction and enforcement. Furthermore, the Cyber Solidarity Act complements this framework by strengthening operational cooperation through the European Cyber Shield and the Cyber Emergency Mechanism, ensuring the Union can detect and respond to large-scale cyber threats with collective speed and precision. IP/26/342 Press contacts: Thomas REGNIER (+32 2 29 91099) Nika BLAZEVIC (+32 2 29 92717) General public inquiries: Europe Direct by phone 00 800 67 89 10 11 or by email

Key tags

Topics

Keywords

Stats

Word count: 393

Summary words: 84

Compression: 21%

Boilerplate removed: Yes

Top phrases:

Entities

People

Organizations

Places

Brussels

Countries

Regions

Europe