Last updated 1 month ago
Pharmaceutical company AstraZeneca experienced a data breach claimed by the Lapsus$ cybercrime group. The group exfiltrated approximately 3GB of sensitive data, including internal credentials, authentication tokens, proprietary code repositories in Java, Angular, and Python, and employee information. The company has not yet confirmed the breach publicly.
The attack involved unauthorized access to internal systems, resulting in the theft of source code and sensitive internal data. Lapsus$ publicly claimed responsibility for the breach, though specific initial access vectors and exploitation techniques remain unconfirmed. The compromised data includes internal credentials and tokens that could facilitate further unauthorized access to corporate systems.
No post-incident developments regarding regulatory actions, litigation, ransom payments, or remediation milestones were confirmed in the available information.
This breach demonstrates the continued targeting of healthcare and pharmaceutical organizations by cybercrime groups seeking intellectual property and sensitive internal data. The compromise of internal credentials and tokens suggests potential weaknesses in identity and access management controls, particularly for protecting source code repositories and development environments. Organizations in regulated industries must implement enhanced monitoring for unauthorized access to critical intellectual property and sensitive employee data.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor