
A known hacking collective identifying as LAPSUS$ has posted claims that it obtained and is attempting to sell a 3GB .tar.gz archive allegedly containing AstraZeneca internal data. As of the reports dated March 20, 2026, AstraZeneca had not issued a public statement confirming or denying the claim.
What the threat actors presented
The actors published teasers and screenshots on breach forums and offered password-protected paste samples as proof. They reportedly solicit buyers via privacy-focused messaging and have not released the full archive publicly, indicating an intent to monetize access rather than to immediately publish the data.
Alleged compromised assets (as reported)
| Asset Category | Compromised Components |
|---|---|
| Source Code | Java Spring Boot applications, Angular frontend frameworks, and various Python scripts. |
| Cloud Infrastructure | Terraform configurations for AWS and Azure environments, alongside Ansible roles used for automation and orchestration. |
| Secrets and Access | Private cryptographic keys, Vault credentials, and authentication tokens related to GitHub and Jenkins CI/CD pipelines. |
Notable repository references and operational context
Forum excerpts reference a root folder labeled AZU_EXFIL and an internal supply-chain portal named als-sc-portal-internal. The portal is described in the samples as related to forecasting, inventory tracking, product master data, SAP integration, and On-Time-In-Full (OTIF) delivery metrics—components central to distribution and logistics operations.
Current status and verification
At the time of publishing, the claim has not been verified by independent forensic analysis or confirmed by AstraZeneca. The public evidence is limited to partial screenshots and redacted samples posted by the actors. Security researchers and affected organizations typically treat such forum claims as allegations until validated by forensic analysis or vendor disclosure.
Why the content matters (brief)
If authenticated, exposed infrastructure code, CI/CD tokens, and cryptographic materials can present substantial security and operational risks, especially where supply-chain and production systems are involved. However, verification is needed to determine scope and impact.