General | International | Heise Security
ESA Confirms Cyber Incident on External Servers, Data Theft Claimed
Friday, January 2, 2026
What
The European Space Agency (ESA) experienced a cybersecurity incident impacting a limited number of external servers, which held non-secret scientific collaboration documents. This is significant as an attacker claims to have exfiltrated over 200 GB of sensitive data, including source code and access tokens, from development platforms.
Where
European Space Agency (ESA) external servers, specifically Jira and Bitbucket systems.
When
Disclosed by ESA before year-end; attacker claimed access the previous week.
Key Factors
- ESA confirmed a limited breach on external servers, stating only "non-secret" scientific documents were affected, downplaying the incident's severity.
- An alleged attacker claims to have exfiltrated over 200 GB of data, including source code, API/access tokens, and configuration files from Jira and Bitbucket servers, and offered it for sale.
- The incident occurred despite ESA having recently established a Cyber Security Operations Centre (C-SOC) to protect its digital assets, highlighting ongoing challenges in securing complex environments.
Takeaways
- Organizations must verify and secure all external-facing development and collaboration platforms, such as Jira and Bitbucket, as they are prime targets for credential and source code theft.
- Implement robust data loss prevention (DLP) and monitoring on all servers, regardless of their "non-secret" classification, to detect and prevent unauthorized data exfiltration.