SQ Magazine

Smarter Insights for a Fast-Moving Digital World

AstraZeneca Data Breach Claimed by LAPSUS$ Hackers

Published on: March 23, 2026
As Featured In
The New York Times LogoForbes LogoWired LogoDeloitte LogoResearch.com Logo

A hacking group claims it has accessed AstraZeneca’s internal systems and is now attempting to sell sensitive company data online.

Quick Summary – TLDR:

  • LAPSUS$ claims to have stolen around 3GB of AstraZeneca internal data.
  • Data allegedly includes source code, cloud configurations, and access credentials.
  • Hackers are selling the data privately instead of releasing it publicly.
  • AstraZeneca has not confirmed or denied the breach so far.

What Happened?

The hacking group LAPSUS$ has resurfaced, claiming it breached AstraZeneca’s internal systems and exfiltrated sensitive data. The group is now advertising the stolen dataset on underground forums, offering it for sale to interested buyers.

LAPSUS$ Returns With a New Strategy

The group appears to be shifting tactics. Instead of releasing stolen data publicly, LAPSUS$ is attempting to directly monetize access by selling it through private negotiations. Buyers are asked to contact the attackers via secure messaging platforms to place bids.

This quieter approach makes it harder for security researchers to verify the full scope of the breach. So far, only sample data and screenshots have been shared as proof.

What Data Has Been Claimed as Stolen?

According to the attackers, the dataset is packaged in a compressed archive of about 3GB and includes several critical components:

  • Source code from Java Spring Boot services, Angular frontends, and Python scripts.
  • Cloud infrastructure configurations using AWS, Azure, Terraform, and Ansible.
  • Sensitive credentials such as private cryptographic keys, Vault data, and tokens linked to GitHub and Jenkins.
  • Employee and contractor data, including roles, permissions, and onboarding records.

If these claims are accurate, this combination of data could provide deep visibility into AstraZeneca’s development pipelines and cloud environments.

Newsletter
Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.

Analysis of Leaked Samples

Early reviews of the sample data suggest that parts of it may be genuine. One dataset appears to mirror GitHub Enterprise exports, showing:

  • Employee names and usernames.
  • Access roles such as Owner and Member.
  • Two factor authentication status.
  • Organizational permissions across repositories.

Another dataset includes third-party contractor information, such as email addresses, company affiliations, and internal access requests. This type of data could increase the risk of targeted phishing and social engineering attacks.

A third dataset labeled as financial information appears to be generic and not directly tied to AstraZeneca, suggesting it may have been included to add volume rather than value.

Supply Chain and Operational Risks

One of the most concerning aspects of the alleged data breach is the exposure of an internal repository linked to a supply chain portal. This system is believed to handle:

  • Demand forecasting
  • Inventory tracking
  • Product data management
  • Integration with SAP systems
  • Delivery performance metrics

If attackers have access to such systems, it could potentially impact logistics operations and data integrity across AstraZeneca’s supply chain.

Why Credentials and Infrastructure Matter Most?

Security experts often consider access credentials and infrastructure configurations as the most critical elements in any breach. If the claimed private keys and tokens are valid, attackers or buyers could:

  • Gain access to internal repositories.
  • Manipulate code or software builds.
  • Deploy malicious updates.
  • Access cloud workloads and sensitive environments.

This could escalate the incident from a data exposure to a full scale system compromise.

No Official Response Yet

As of now, AstraZeneca has not released any official statement confirming or denying the breach. This leaves several key questions unanswered, including:

  • Whether the data is authentic.
  • How the attackers gained access?
  • Whether affected systems have been secured.

The lack of confirmation also makes it difficult to assess the true impact of the incident.

SQ Magazine’s Takeaway

I think this situation is more serious than it may look at first glance. When hackers move from public leaks to quiet data sales, it becomes harder to track and even harder to respond quickly. What worries me most is not just the data itself, but the access behind it. If those credentials are real, this could open the door to deeper and long term damage. Companies need to act fast in such cases, even before full confirmation comes in.

This article has been reviewed and fact-checked by Robert A. Lee. SQ Magazine follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content.

Add SQ Magazine as a Preferred Source on Google for updates! Follow on Google News
Sofia Ramirez

Sofia Ramirez

Senior Tech Writer

Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps readers stay informed and secure in today’s fast-changing tech landscape. Passionate about making cybersecurity accessible, Sofia blends research-driven analysis with straightforward explanations; so whether you’re a tech professional or a curious reader, her work ensures you’re always one step ahead in the digital world.

Related Posts

Disclaimer: The content published on SQ Magazine is for informational and educational purposes only. Please verify details independently before making any important decisions based on our content.

Reader Interactions

Leave a Comment

Company
Discover
Categories
Internet
Technology
Artificial Intelligence
Gaming
Cybersecurity
Categories
Cybersecurity
Artificial Intelligence
Internet
Technology
Gaming