The Lapsus$ hacking group first made headlines when it waged a ransomware attack against the Brazilian Ministry of Health in December 2021, compromising the COVID-19 vaccination data of millions within the country.
Since then, it has targeted a number of high-profile technology companies, stealing data from Nvidia, Samsung, Microsoft, and Vodafone. Lapsus$ also managed to disrupt some of Ubisoft’s services and also gained access to an Okta contractor’s laptop, putting the data of thousands of companies that use the service at risk. It’s also suspected to be behind last year’s attack on EA Games.
Shortly after the attack on Okta, a report pinned an England-based teenager as the mastermind behind the hacking group and said another teen member may reside in Brazil. One member of the group is reportedly so skilled at hacking that researchers thought their work was automated. On March 24th, the London police made seven arrests in connection with the Lapsus$ group, all of whom are teenagers.
Here are all the latest updates on the Lapsus$ group.
Police didn’t identify the suspect, but many personal details mirror information uncovered during arrests this spring targeting members of the Lapsus$ hacking group
The hack occurred a few days before dozens of GTA VI videos were leaked
Rockstar says it ‘suffered a network intrusion’
A massive leak shows early footage of Grand Theft Auto VI
No customer or government data was compromised
A forensic report concluded that the scope of access was far smaller than first thought, but customer trust may be hard to recover
The group shared 70GB of files mentioning a range of global businesses
Reports surfaced Wednesday indicating a teenager is the group’s mastermind
A Bloomberg report has more details on the group’s supposed leader
Chief security officer David Bradbury said that ‘least privilege access’ protocols had contained the worst effects, but criticized a slow forensic report
Lapsus$ says it has accessed data from Okta, Nvidia, Samsung, and Ubisoft
Okta lists Peloton, Sonos, T-Mobile, and the FCC among its 15,000 customers
Ubisoft says it experienced a ‘cyber security incident’, and the purported Nvidia hackers are taking credit
Ubisoft believes no personal player information was exposed
The same group behind a recent Nvidia hack has claimed responsibility
Have I Been Pwned says the hackers cracked Nvidia employees’ emails
Last week, it confirmed it was investigating an “incident”
There’s nothing yet linking it to the Russia-Ukraine conflict