The European Commission experienced a distributed denial of service (DDoS) attack on Thursday that disrupted its operations for several hours, though no data breach was experienced.
The Commission confirmed in a statement that it was indeed the target of a DDoS attack, but claimed that its security teams responded well, so no disruption was caused.
And yet, EC staff revealed for several sources that some servers went offline following the attack, so the activity was interrupted for multiple hours. It’s not yet clear if these systems were taken offline because of the DDoS or by security engineers in order to deal with the attacks.
“No data breach has occurred,” a Commission spokesperson was quoted as saying by Politico. “The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time.”
It’s being reported, however, that the European Commission acknowledged the DDoS attacks internally, and in emails sent to staff, it explained that these led to “the saturation of our Internet connection.”
Furthermore, an employee reportedly explained that “no one could work this afternoon, since the Internet was gone twice, for several hours.”
For the moment, the group of hackers who launched the attacks is not yet known, but the European Commission says that it has already started an investigation and will share more information at a later time. This is unlikely, though, especially because the EC downplayed the effects of the attacks.
Insiders revealed that the EC expected new waves of attacks in the coming days, and the cyber emergency response team (CERT-EU) was working with the IT security team to block them.
The aforementioned source notes that in addition to the traffic that hackers submitted to the EU website, the Commission also experienced attacks specifically aimed at network gateways, and this is the main reason that caused Internet connections used by employees to go down.