European Space Agency Acknowledges Compromise of “External Servers”


The European Space Agency (ESA) has reported that cyber attackers recently infiltrated servers situated outside its corporate network, which housed what the agency referred to as “unclassified” data related to its collaborative engineering efforts.

Established half a century ago and based in Paris, ESA is an intergovernmental entity that coordinates the space initiatives of 23 member states. The agency employs roughly 3,000 individuals and had a budget of €7.68 billion ($9 billion) in 2025.

Today, the agency released a statement acknowledging the breach after a threat actor on BreachForums claimed they had compromised several of ESA’s servers.

The threat actor also shared screenshots to demonstrate they had gained access to ESA’s JIRA and Bitbucket servers for an entire week.

“ESA acknowledges a recent cybersecurity incident involving servers located outside its corporate network. A forensic security analysis has been initiated and is currently underway, along with measures to secure potentially affected devices,” the agency stated on Tuesday.

“Preliminary findings suggest that only a limited number of external servers may have been affected. These servers facilitate unclassified collaborative engineering activities within the scientific community.”

ESA has informed “all relevant stakeholders” about the security incident and will release further updates as new information comes to light.

While ESA has not disclosed specific details regarding the breached servers, the threat actors claim they extracted over 200GB of data by infiltrating the European Space Agency’s systems and private Bitbucket repositories.

Threat actor’s ESA breach claims (BleepingComputer)

The alleged stolen data reportedly encompasses source code, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, and hardcoded credentials, among other sensitive information.

“I have been accessing some of their services for about a week now and have taken over 200GB of data, including all their private Bitbucket repositories,” claimed the threat actor.

An ESA representative was not immediately available for comment when approached by BleepingComputer earlier today.

This is not the first breach the European Space Agency has faced in recent years.

Just a year ago, shortly before Christmas, the official web shop of the European agency was hacked, with malicious JavaScript injected to capture customer information and payment card data during the checkout process.
