European Space Agency Hit Again as Cybercriminals Claim 200 Gb Data Up for Sale

Posted8 days agoActive7 days ago

smurda

41 points

19 comments

theregister.comSecuritystory

informativenegative

Debate

20/100

Data-PrivacyData_exfiltrationEuropean Space Agency

Key topics

Data-Privacy

Data_exfiltration

European Space Agency

As cybercriminals put 200 GB of European Space Agency data up for sale, commenters are skewering the agency's slow response, with some sarcastically lamenting that employees were enjoying their New Year's holiday break. The debate centers around whether the agency should have had staff on hand to respond immediately, with some arguing it's a noncritical issue since the data was already stolen. Others chime in that holiday closures are standard practice, pointing out that even NASA and US National Labs shut down during the holidays. The snarky remarks belie a deeper discussion about balancing security with the human needs of agency staff.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

23m

Peak period

2-3h

Avg / period

3.1

Comment distribution25 data points

Loading chart...

Based on 25 loaded comments

Key moments

01Story posted
Jan 1, 2026 at 11:28 AM EST
8 days ago
Step 01
02First comment
Jan 1, 2026 at 11:51 AM EST
23m after posting
Step 02
03Peak activity
8 comments in 2-3h
Hottest window of the conversation
Step 03
04Latest activity
Jan 2, 2026 at 12:55 AM EST
7 days ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (19 comments)

Showing 25 comments

egorfine

8 days ago

3 replies

> didn't hear back, with an automated response informing us that the Agency's offices are closed for the New Year holiday

This is so on-brand for EU organizations.

eterm

8 days ago

2 replies

You say that as if it's a bad thing?

egorfine

8 days ago

3 replies

In this context (massive data breach) - it is.

monkey_monkey

8 days ago

1 reply

What does their comms team have to do with the massive data breach?

egorfine

8 days ago

3 replies

Answers. These guys can provide answers to the public.

barrucadu

8 days ago

1 reply

Are these answers so critical they're needed on a holiday?

egorfine

8 days ago

I don't know. There's nobody in the comms team to answer this question.

JumpCrisscross

8 days ago

Aviate, navigate, communicate. In that order.

ESA’s priority in this case is measuring the damage and then brokering a solution if needed. After that it should communicate to the public.

monkey_monkey

8 days ago

OK, so nothing to do with the massive data breach. But hey, you just really want to make a point about how upset you are that Europeans having decent work/life balance, so there's not point continuing to expose your little agenda.

lillecarl

8 days ago

1 reply

Ah yes, responding to the media during holidays will make the data crawl back to their servers!

blell

8 days ago

2 replies

If this were a private business, people would be piling on and calling for the executives to face a firing squad.

pavel_lishin

8 days ago

You can find a certain group of people to pile on for anything.

nubg

8 days ago

"People" here meaning in particular the types that frequent this very message board.

PunchyHamster

8 days ago

It's noncritical infrastructure by every definition and data was already stolen, waking up a PR guy to put something on their page is a waste of everyone's time

monkey_monkey

8 days ago

It's disgusting that they let their employees take time off to be with their families. No wonder Europe has fallen and most Europeans no longer even have access to electricity and water.

dotgov

8 days ago

National Labs are closed over the holidays in the USA too.

supermatt

8 days ago

Because they are on holiday for new year? So was NASA.

zb3

8 days ago

3 replies

Shouldn't this data be public anyway?

victorbjorklund

8 days ago

Terraform files? Seems waste of time to have to make it public.

wtcactus

8 days ago

No, not really. The science products eventually become public (after 1st access right by contributing nations). But why would the API keys (for instance) ever be public?

ahsillyme

8 days ago

More or less. Unless it's something to do with the employee's privacy or something to that effect. Doesn't mean the criminals are the good guys here, since they're trying to make bank on it instead of releasing it to the public -- if it's something that the public has an interest in.

johnnienaked

7 days ago

I'm old enough to remember being told not to put any personal information on the internet. Pretty soon, personal information will be mandatory to use the Internet. How ironic.

krick

8 days ago

Was going to ask what's the data, but

> Compromised Data: Source Codes, CI/CD Pipelines, API Tokens, Access Tokens, Confidential Documents, Configuration Files, Terraform Files, SQL Files, Hardcoded Credentials and more!

Yeah, right. No wonder the nobody bothered to buy and take a look. More of an insult to ESA, than a "data breach".

amelius

8 days ago

Pay them a one-way ticket into space.

guessmyname

8 days ago

And who is going to buy this (useless) data exactly?

View full discussion on Hacker News

ID: 46455330Type: storyLast synced: 1/1/2026, 7:50:31 PM

Want the full context?