U.K. police arrested seven people aged 16 to 21 over suspected links to Lapsus$, the extortion-focused hacking group tied to intrusions at Microsoft, Nvidia, Samsung, Ubisoft, Okta, and other major firms. Reporting identified a 16-year-old near Oxford as a suspected central figure, while investigators and journalists described the group as a loose set of mostly young operators who stole data, leaked source code and internal documents, and taunted victims publicly on Telegram and other platforms. Microsoft confirmed the group obtained source code through limited access, reinforcing the scale and credibility of the campaign.
The activity continued to expand as Globant disclosed unauthorized access to a limited portion of its code repository after Lapsus$ leaked 70GB of allegedly stolen data. The company said the exposed material appeared limited to certain source code and project documentation for a small number of clients, and that it had not found evidence of broader compromise. Coverage of the group highlighted that its operators often relied on comparatively simple but highly effective tactics—including social engineering, SIM swapping, MFA fatigue attacks, and attempts to bribe insiders—showing how basic intrusion methods enabled a string of high-profile breaches and data leaks.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
12 events from the most recent confirmed update back to the earliest known activity.
A UK court ordered the teenager linked to Lapsus$ and the GTA 6 hack to be detained indefinitely in a secure hospital after sentencing. The ruling marked a major legal outcome in the case following the group's earlier arrests and charges.
Brazil's Federal Police announced the arrest in Feira de Santana, Bahia, of the main Brazilian suspect believed to be part of the Lapsus$ group. Authorities said the action followed Operation Dark Cloud, which investigates cyberattacks against Brazil's Ministry of Health and other federal entities linked to late-2021 intrusions.
UK authorities charged two teenagers in connection with hacking activity linked to the Lapsus$ group. The charges marked an escalation from the earlier arrests of seven suspects who had initially been released under investigation.
Globant confirmed that a limited section of its source code repository had been accessed without authorization and said the exposed material appeared restricted to certain source code and project documentation for a very small number of clients. The company said it activated security protocols and began an investigation, with no evidence at that time of broader compromise.
Lapsus$ published roughly 70GB of data it said was stolen from IT services firm Globant, extending the group's run of public data leaks against major corporate targets.
City of London Police arrested seven people aged 16 to 21 in connection with an investigation into the Lapsus$ hacking group. Authorities said all were later released under investigation while inquiries continued.
Investigators and cyber researchers reported that a 16-year-old living near Oxford, England, was suspected to be a central figure in Lapsus$, alongside other possible members including a teenager in Brazil.
Microsoft said the group it tracks as DEV-0537, publicly associated with Lapsus$, obtained limited access to one account and stole portions of source code repositories. The company said no customer code or data was involved and published details on the group's tactics, including social engineering and MFA fatigue attacks.
Okta disclosed that attackers had gained access to a laptop belonging to a third-party customer support engineer, an incident widely tied to Lapsus$ activity and later used by the group to publicize screenshots and claims.
Lapsus$ claimed it had breached Ubisoft, adding the game publisher to a growing list of prominent organizations targeted by the group.
Samsung was identified as another major victim of Lapsus$, with the group stealing and publishing source code and internal materials as part of its ongoing campaign against technology firms.
Lapsus$ was linked to an intrusion at Nvidia in which the group stole and leaked internal company data, helping establish the group's profile through high-impact extortion and data-theft activity.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
13 references tracked. Mallory keeps watching after this page renders.
bbc.co.uk
Open sourceapp.tidalcyber.com
Open sourcebbc.com
Open sourcearstechnica.com
Open sourcebleepingcomputer.com
Open sourcetheverge.com
Open sourcetheverge.com
Open sourcegov.br
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.