LAPSUS$ Claims AstraZeneca Data Breach, Leaks 3GB of Sensitive Internal Data The threat actor group LAPSUS$ has claimed responsibility for a data breach targeting AstraZeneca, one of the world’s largest pharmaceutical and biotechnology companies. According to posts on hacker forums and the group’s official website, the breach allegedly yielded 3GB of internal data, including source code, cloud infrastructure configurations, employee records, and access credentials. ### What Was Allegedly Stolen? LAPSUS$ claims the stolen data includes: - Employee-related datasets (names, roles, permissions) - Source code (Java, Angular, Python) - Secrets and credentials (private keys, vault data) - Cloud infrastructure details (AWS, Azure, Terraform configurations) The group has shared sample files in .tar.gz format to support its claims and is attempting to sell the data to the highest bidder. A screenshot of the forum post displays AstraZeneca branding alongside a negotiation session ID. ### Analysis of Leaked Samples Security researchers at Hackread.com reviewed the sample data, categorizing it into three main groups: 1. GitHub Enterprise User Data - Contains employee names, GitHub usernames, roles (including "Owner" privileges), and 2FA status. - The structured format suggests authentic internal exports, posing a high risk if genuine exposing access hierarchies and enabling privilege escalation attacks. 2. Third-Party/Contractor Access Data - Includes internal user IDs, full names, email addresses, and access logs for external collaborators (e.g., IQVIA, Parexel, Labcorp). - The presence of operational comments indicates real internal workflow data, increasing the risk of targeted phishing or social engineering attacks. 3. Generic Financial Data - Contains high-level financial statistics (assets, salaries, income) labeled "All industries." - Likely public or non-sensitive, included to inflate the sample’s perceived value. ### Assessed Impact & Risks | Data Type | Sensitivity | Potential Impact | |-----------------------------|----------------|----------------------| | GitHub enterprise roles | High | Privilege escalation, internal mapping | | Employee/contractor data | Moderate-High | Phishing, social engineering | | Cloud infrastructure configs | Critical | Full environment compromise | | Generic financial data | Low | No direct risk | While the GitHub and contractor data appear authentic, the cloud infrastructure and credential claims remain unverified. No direct evidence of secrets or private keys was found in the reviewed samples. ### Current Status As of publication, AstraZeneca has not confirmed the breach, and the claims remain unverified. The company has been contacted for comment, with updates pending. LAPSUS$’s involvement is also unconfirmed, as attribution in cybercrime forums is often unreliable.

Companies House Security Flaw Exposes Private Data of UK Business Directors A critical vulnerability in the UK’s Companies House WebFiling system exposed sensitive details of directors at millions of registered businesses, including AstraZeneca, Shell, and Tesco. The flaw, discovered last Friday, forced the agency to temporarily shut down its online filing service before restoring it on Monday morning. The bug allowed logged-in users to access confidential data such as dates of birth and residential addresses of key personnel from the 5 million companies on the register. More alarmingly, it permitted unauthorized changes to directors’ contact details, including addresses and emails, without consent. Security researcher John Hewitt of Ghost Mail identified the issue, which could be triggered by pressing the back button four times while viewing a company’s profile. An internal investigation traced the vulnerability to a system update implemented in October 2023. Companies House CEO Andy King confirmed that no evidence of unauthorized data access or alterations has been found, though the review remains ongoing. The agency has urged businesses to verify their registered details for accuracy. The incident is now under scrutiny by the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC). Companies House has advised affected businesses to file complaints if they suspect any misuse of their data.

Pharmaceutical giant AstraZeneca suffered a data breach incident after it left a list of credentials online for more than a year that exposed access to sensitive patient data. A developer left the credentials for an AstraZeneca internal server on code-sharing site GitHub in 2021. Credentials, like usernames and passwords, that are exposed or inadvertently published to sites like GitHub

EResearch Technology was recently hit by a variant of the Ryuk ransomware, the company confirmed to Information Security Media Group. In order to reduce risks, safeguard the data of their clients, and improve their systems, ERT employed top-tier, independent cybersecurity investigators. According to the firm, no sensitive information about patients or confidential data linked to clinical trial activities has been taken, compromised, or stolen as of this point in the inquiry. While they experienced the system being offline, they recommended their clients take precautions.