.png)
European Commission Ivanti Breach 2026: Staff Data Exposed in Government MDM Attack
The European Commission disclosed in February 2026 that a cyberattack had compromised staff data through its mobile device management infrastructure — exploiting a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that had been disclosed by Ivanti in January 2026. The Commission contained the incident within nine hours but confirmed that staff names and mobile phone numbers may have been accessed by the attackers. The attack was part of a broader wave of Ivanti EPMM exploitation that affected government agencies across Europe and the United States in early 2026.
The European Commission disclosed on February 6, 2026 that attack traces had been identified in its MDM infrastructure on January 30. The Commission stated that investigators determined intruders may have accessed staff names and mobile numbers. The affected systems were cleaned within nine hours of detection. The Commission attributed the vulnerability to Ivanti EPMM and noted the attack followed Ivanti's January 2026 advisory. The attack was part of a coordinated campaign exploiting the same Ivanti vulnerability across multiple European and US government entities, consistent with a state-sponsored or sophisticated criminal actor exploiting a newly-disclosed zero-day before patches could be applied at scale.
Attackers exploited a zero-day vulnerability in Ivanti EPMM — a mobile device management solution widely deployed in government and enterprise environments. The vulnerability, disclosed by Ivanti in January 2026, allowed attackers to gain unauthorized access to MDM infrastructure. The European Commission disclosed that attack traces were detected on January 30, 2026, and that the incident was contained and affected systems cleaned within nine hours. The Commission stated that only staff contact data (names and mobile numbers) was confirmed as potentially accessed, with internal systems not impacted. The Ivanti EPMM vulnerability was also exploited against multiple European government agencies and US federal contractors in the same time period.
The European Commission breach reinforced that MDM infrastructure — which manages and has access to all enrolled mobile devices — is a high-value attack target requiring the same security rigor as endpoint security platforms. Ivanti products have been the subject of multiple critical zero-day disclosures in 2024–2026; organizations running Ivanti infrastructure must maintain an elevated patch posture and implement compensating controls including network segmentation that limits what MDM infrastructure can access if compromised.
For PE portfolio companies using Ivanti EPMM, Ivanti Connect Secure, or other Ivanti products, the European Commission breach — combined with the pattern of Ivanti zero-days in 2024–2026 — should trigger an immediate inventory and patch currency assessment. Ivanti products have been among the most actively targeted enterprise security infrastructure in recent years.