The European Space Agency (ESA) has confirmed that parts of its digital infrastructure were compromised following claims by a hacker offering to sell data allegedly stolen from the organization. The agency said it has launched a forensic investigation and is taking steps to secure affected systems.
In a public statement, ESA acknowledged that the breach involved external servers used for scientific collaboration, not its core corporate network. According to preliminary findings, only a limited number of systems were impacted.
“Our analysis so far indicates that a very small set of external servers may have been affected,” ESA said. “These systems support unclassified collaborative engineering activities within the scientific community.”
The agency added that relevant partners and stakeholders have been notified and that further updates will be shared as the investigation continues.
Hacker Claims Sale of Stolen ESA Data
The confirmation follows claims made by an individual using the online alias “888”, who posted on the cybercrime forum BreachForums in late December. The hacker alleged that ESA systems were accessed on December 18 and offered approximately 200 gigabytes of data for sale.
According to the claims, the stolen material includes files from private Bitbucket repositories, source code, configuration files, credentials, API keys, access tokens, and internal documents. The threat actor released several screenshots online, purportedly to support the authenticity of the breach.
ESA has not publicly verified the scope or accuracy of the hacker’s claims but emphasized that the affected servers did not handle classified information.
Investigation and Containment Efforts Ongoing
ESA said it is working to isolate compromised devices, strengthen security controls, and determine how the intrusion occurred. The agency has not disclosed whether any personal data was involved or whether the incident could impact ongoing missions or operations.
Cybersecurity experts note that research and collaboration platforms are increasingly targeted because they often connect multiple organizations and may not be protected to the same degree as internal corporate networks.
Part of a Broader Trend Targeting Space Agencies
The incident adds to a growing list of cyberattacks aimed at space agencies and aerospace organizations worldwide. In recent years, agencies in Europe and Asia have reported attempted intrusions targeting research systems, satellite infrastructure, and supply chains.
While ESA has stressed that this breach appears limited in scope, the situation underscores the expanding cyber risks facing space and scientific institutions as collaboration and data sharing continue to grow.
