A threat group calling itself Scattered LAPSUS$ Hunters has claimed responsibility for breaching a string of major international corporations, posting data samples on its Telegram channel as proof. The group, whose name appears to reference the notorious Lapsus$ and Scattered Spider extortion groups, has leaked data from companies across the technology, aviation, and telecommunications sectors.
The latest list of alleged victims posted by the group includes:
- Dell (🇺🇸): An American multinational technology corporation that develops, sells, repairs, and supports computers and related products and services.
- Telstra (🇦🇺): An Australian telecommunications company that builds and operates telecommunications networks and markets voice, mobile, internet
access, and other products and services. - Kuwait Airways (🇰🇼): The national airline of Kuwait, with its head office on the grounds of Kuwait International Airport.
- Lycamobile (🇫🇷): A mobile virtual network operator (MVNO), with the data samples suggesting customers in France have been impacted.
- Verizon (🇺🇸): An American multinational telecommunications conglomerate and a global leader in providing technology and communications services.
- True Corporation & dtac (🇹🇭): Major telecommunications operators in Thailand which have recently completed a merger, serving a substantial portion of the Thai mobile market.
According to the threat actor, the compromised data is extensive and varies by victim, including sensitive personal and technical information. The allegedly stolen data includes:
- Full names
- Physical addresses
- Phone numbers
- Email addresses
- Dates of birth
- Job titles
- Passport numbers, expiry dates, and national ID numbers
- IP addresses
- Customer order details and product serial numbers
- Mobile carrier, subscription, and plan details
- Technical mobile network data and call logs
