European Commission investigates hack of mobile device management infrastructure; staff names and numbers may have been accessed, system cleaned within 9 hours. The Commission said it detected traces of a cyberattack on January 30 against central infrastructure that manages staff mobile devices, which may have resulted in access to some staff members’ names and mobile numbers; it stated its response contained the incident and cleaned the system within 9 hours and that there was no evidence mobile devices themselves were compromised. While the Commission did not confirm an entry vector, reporting indicates the incident aligns with a wave of similar attacks against European institutions exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, with additional public-sector victims reporting exposure of employee contact details and an ecosystem view suggesting multiple internet-exposed EPMM servers may have been compromised (as tracked by Shadowserver Foundation).

The risk framing is clear: MDM/EPMM is a high-leverage control plane, and compromising it can yield outsized impact without “owning” endpoints; realistic testing therefore focuses on hardening and monitoring the management layer itself, validating patch-to-detection speed for zero-day-style exploitation, and proving that identity and admin-plane abuse would trigger actionable signals before it becomes a scalable fleet-wide policy or credential incident.