Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information.
The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach.
Even if stolen data doesn’t include passwords, this information could help attackers map systems, launch phishing attacks, and target internal operations, making the incident potentially serious if confirmed.
The group claimed the security breach on a dark web post, if confirmed, it could be one of the most serious healthcare cyber incidents this year.
“An alleged breach involving AstraZeneca was advertised on a Dark Web forum and also appeared on a data leak site associated with LAPSUS$.” reported SocRadar. “The listing claims the attackers obtained a large archive containing internal data, including source code, infrastructure-related material, and access-linked information.”
EXPLORE MORE
Eyes in the Sea: CENTCOM Declassifies Intercept of Iranian Mohajer-6
In a surgical display of maritime air defense, U.S. Central Command (CENTCOM)…
Sega Saturn Soul, Modern Power: The 32-Bit Brilliance of Little-Polygon
If you grew up with a steady diet of Macross, Gundam, or…
Haifa in the Crosshairs: Iranian Submunitions Strike Israel’s Critical Energy Hub
March 30, 2026 — Dense black smoke is once again clouding the…
Mobius 1 and Yellow 13: The Complete Ace Combat 04 Opening Story Transcript
I. Prologue: The Fall of the Stars I was just a child…
U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in…
The alleged breach of AstraZeneca is significant because healthcare organizations hold highly valuable assets, including intellectual property, sensitive data, and critical infrastructure. Even without patient data, exposing code, systems, or credentials can enable further attacks, disrupt operations, and increase extortion risks.
“At this stage, the safest framing is that the breach was claimed by LAPSUS$ through Dark Web-related channels and a breach listing attributed to the group. The listing on the threat actors’ data leak site appears to advertise AstraZeneca data for sale.” continues the report.
AstraZeneca has not yet confirmed the alleged breach or publicly addressed the extortion group’s claims.
The incident, claimed by Lapsus$, fits a broader trend of targeting healthcare for leverage. The leaked archive appears large and structured, containing code, configurations, and operational data, suggesting a serious internal exposure rather than a minor leak, if confirmed.
