After a short “vacation” the hacking gang Lapsus$ is back. In a post shared on the group’s Telegram channel on Wednesday, Lapsus claimed to have stolen $70GB of data from Globant – an international software development company headquartered in Luxembourg that has some of the world’s largest companies as customers.
Screenshots of the hacked data, originally posted by Lapsus$ en shared on Twitter from security researcher Dominic Alvieri, was found to show folders with the names of a range of global companies: among them were delivery and logistics company DHL, US cable network C-Span and French bank BNP Paribas.
Also in the list were tech giants Facebook and Apple, with the latter named in a folder titled “apple-health-app.” The data appears to be development material for Globant’s BeHealthy app, described in a previous press release as software co-developed with Apple to track employee health behaviors using features of the Apple Watch. Neither Apple nor Globant responded to a request for comment at the time of publication.
On Telegram, Lapsus$ shared a torrent link to the allegedly stolen data with a message announcing, “We’re officially back from vacation.”
If confirmed, the leak would show a rapid return to activity after seven suspected members of Lapsus$ were arrested by British police less than a week ago.
The arrests, first reported on March 24 by BBC newswere carried out by the City of London police after a year-long investigation into the alleged ringleader of the gang, who is believed to be a teenager living with his parents in Oxford† On the other side of the Atlantic, the FBI is also… looking for information about Lappus$ related to the infringement on US companies.
The Lapsus$ gang has been remarkably prolific in the range and scale of companies they have violated, having previously extracted data from a number of well-known tech companies, including Nvidia, Samsung, Microsoft and Vodafone†
Most recently, Lapsus$ has been in the spotlight for a hack that compromised the Okta authentication platform, leaving thousands of companies on high alert for subsequent breaches. The latest hack was an embarrassment to a company that provides security services to other companies and sparked criticism of Okta for its slow disclosure.
Correction, 13:38 ET: An earlier version of this post exaggerated the connection between the breached data and Apple. The data labeled as “apple health” was not data from Apple itself, but from an app co-developed with Apple. The Verge regrets the mistake.