European Space Agency notifies authorities after 500 GB data theft

TL;DR

The European Space Agency has confirmed a large cyber breach and said it is notifying judicial authorities. Attackers told The Register they stole about 500 GB of data, including operational and contractor documents, and claim the vulnerability remains open.

What happened

The European Space Agency (ESA) confirmed a significant security incident after attackers claimed to have exfiltrated roughly 500 GB of files. According to the claims reported by The Register, the group said it gained initial access in September by exploiting a public CVE and extracted internal documents and contractor data that include operational procedures, contingency plans, subsystem documentation, spacecraft tolerances and Earth Observation constellation details. The alleged contractor files originate from multiple industry partners named by the attackers. The intruders also asserted that the security hole remains open and that ESA had been aware of the breach for at least a week and had downloaded a sample. ESA told The Register it is informing judicial authorities to initiate a criminal inquiry but declined to answer specific questions about the attackers' claims. This incident follows a December event in which more than 200 GB of ESA data was listed for sale and a string of prior breaches dating back over a decade.

Why it matters

• Exposed operational procedures and mission details could increase risk to satellite operations and mission security.
• Leaked contractor data may include proprietary information affecting multiple industry partners and supply chains.
• If the vulnerability remains unclosed, attackers could maintain or regain access to live systems, prolonging the threat.
• The recurrence of incidents suggests persistent security weaknesses that could harm ESA’s credibility and international partnerships.

Key facts

• ESA confirmed a further security breach and said it is informing judicial authorities to start a criminal inquiry.
• Attackers told The Register they stole about 500 GB of data after initial access in September via a public CVE (as claimed).
• Stolen material allegedly includes operational procedures, contingency plans, system capabilities, spacecraft tolerances, and Earth Observation constellation details.
• Contractor documents claimed to be included in the theft were said to belong to SpaceX, Airbus Group, Thales Alenia Space, OHB System AG, EUMETSAT, Sener, Teledyne, Leonardo, Deimos Imaging, Sitael, SkyLabs, ISISPACE, and others.
• Named ESA missions and programs allegedly referenced in the stolen files include Greece’s national space program, the Next Generation Gravity Mission, FORUM, and TRUTHS.
• Attackers asserted that the security hole remains open and that ESA had downloaded sample data; ESA declined to answer specific follow-up questions.
• Earlier in December, more than 200 GB of ESA data was listed for sale on BreachForums according to reporting.
• ESA has experienced multiple incidents previously, including a 2024 online store compromise, a 2015 SQL vulnerability that exposed subscriber and staff information, and a 2011 intrusion that published credentials and server configuration files.

What to watch next

• Whether the judicial inquiry produces public findings or indictments (not confirmed in the source).
• Whether ESA publishes technical details of the exploited vulnerability and confirms remediation steps (not confirmed in the source).
• If additional stolen files appear for sale or are disclosed publicly, and whether their provenance is independently verified (not confirmed in the source).

Quick glossary

• CVE: A Common Vulnerabilities and Exposures identifier used to catalog publicly known cybersecurity vulnerabilities.
• Data exfiltration: The unauthorized transfer of data from a computer or network to an external location controlled by an attacker.
• Earth Observation (EO): The collection of information about Earth's physical, chemical, and biological systems via satellites and remote sensing.
• Contractor data: Records and documents produced by or belonging to third-party companies that provide services or components to an organization.

Reader FAQ

Has ESA confirmed the breach?
Yes. ESA confirmed the incident and said it is informing judicial authorities to initiate a criminal inquiry.

How much data was taken?
Attackers claim about 500 GB of files were stolen.

Which companies’ data were affected?
The attackers asserted contractor data from firms including SpaceX, Airbus Group, Thales Alenia Space, OHB, EUMETSAT, Sener, Teledyne, Leonardo, Deimos Imaging, Sitael, SkyLabs, ISISPACE and others.

Is the vulnerability closed and are systems secure now?
Not confirmed in the source.

Were the attackers identified or arrested?
Not confirmed in the source.

CYBER-CRIME ESA calls cops as crims lift off 500 GB of files, say security black hole still open Two weeks, two major data leaks … not a good look for…

Sources

• ESA calls cops as crims lift off 500 GB of files, say security black hole still open
• European Space Agency Data Breach Exposes 200GB of Infrastructure …
• Space Agency Confirms Breach — Hackers Claim 200 GB …
• European Space Agency Confirms Breach After Hacker …

Related posts

• Creator of pcTattletale pleads guilty to selling stalkerware to spouses
• Illinois says mapping error exposed personal data of over 600,000 patients
• Records show mess left after RFK Jr. dumped a dead bear cub in Central Park