A significant data breach has been confirmed by the European Commission, resulting from a supply chain attack linked to Trivy, a vulnerability scanner. The breach led to the theft of over 300GB of data from the Commission's Amazon Web Services (AWS) environment, compromising personal information. This incident highlights the potential risks associated with third-party vulnerabilities, as attackers exploited a weakness in the supply chain to gain access to sensitive data. The Commission's AWS environment was specifically targeted, emphasizing the importance of securing cloud-based infrastructure. The breach is a stark reminder of the need for robust security measures to protect against supply chain attacks, which can have severe consequences, including the exposure of sensitive information [1]. This incident matters to security practitioners because it underscores the necessity of thoroughly assessing and mitigating vulnerabilities in third-party tools and services to prevent similar breaches.
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
⚡ High Priority
Why This Matters
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.
References
- SecurityWeek. (2026, April 4). European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack. SecurityWeek. https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/
Original Source
SecurityWeek