Lapsus$, an infamous cybercrime gang, had previously breached high-profile companies such as Microsoft, NVIDIA, and Samsung. Recently they claimed responsibility for the data breach targeting Globant, a Luxembourg-based software service company, thereby announcing their return after a brief ‘vacation’.
An message regarding the attack was shared on Lapsus$’ official Telegram channel along with screenshots of the stolen data and credentials belonging to the company’s DevOps infrastructure. Additionally, the image of a torrent file that seem to contain 70 GB of data (described as customers source code) from Globant was also released.
On March 30, Globant issued a statement addressing the attack, noting that “the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.” The report also added that the company has activated its security protocols and a thorough investigation is underway.