A cybercriminal group called ShinyHunters stole personal data in a recent cyberattack on the European Commission’s cloud infrastructure, the European Union’s in-house cybersecurity team said on Thursday.

The EU’s Computer Emergency Response Team (CERT-EU) said attackers took personal data including “names, email addresses and email content” when the EU executive’s cloud services suffered a breach in March, in a detailed technical statement. 

The ShinyHunters group was reportedly responsible for a major hack of a Dutch telecom operator in February, and is part of a wider group that claimed responsibility for a hack of Jaguar Land Rover that knocked approximately €2.2 billion off the United Kingdom’s economy last year.

The Commission reported the incident last Friday, having discovered it earlier in the week. The attack affected the Commission’s public website platform europa.eu based on Amazon Web Services. Data pertaining to at least 29 other EU entities may be affected, CERT-EU said.

Commission spokesperson Thomas Regnier told reporters earlier this week that the data in question was “potentially already in the public domain.”

The technical analysis on Thursday confirmed reports that the notorious cybercriminal group ShinyHunters sold the data, which the hackers claimed included “data dumps of mail servers, confidential documents, contracts and much more sensitive material.”

“On March 28, the data extortion group ShinyHunters made the stolen data publicly available on their dark web leak site,” CERT-EU said. “The published dataset was approximately 91.7 GB compressed (340 GB uncompressed),” it added.