Global drug company AstraZeneca ‘hacked’ by teenage cyber gang
A global drug company which pioneered the Covid vaccine has been victim of a cyber attack, Metro can reveal.
AstraZeneca was breached by international teenage hacker network Lapsus$, according to multiple posts from the group.
There are fears that confidential software, data and employee records were allegedly stolen.
The ‘cyber incident’ was confirmed by the Information Commissioner’s Office (ICO), which organisations must report a data breach to if it poses a risk to people’s rights and freedoms.
A spokesperson for the ICO told Metro: ‘AstraZeneca made us aware of a cyber incident in March 2026. After assessing the information, we provided guidance, and the case has since been closed with no formal action.’
AstraZeneca, a billion-dollar British-Swedish pharmaceutical firm, declined to comment.
The breach was claimed online by Lapsus$ at the end of March, according to Dark Web posts seen by numerous commentators and hacking trackers.
The group claims to have taken 3GB worth of data including source code, employee records and cloud infrastructure.
The hackers were trying to sell the data to the highest bidder, according to Dark Web posts cited by multiple cyber outlets.
Source code is the programming for software and cloud infrastructure is the network of servers and storage that makes up a cloud network.
Lapsus$ also claims to have taken API Keys, which is a unique string of randomly generated characters that is used to grant access to an application or user.
Who are Lapsus$?
Lapsus$ is an international hacker group known for data extortion.
It has breached major companies such as Microsoft and Nvidia in attacks that have shocked the cyber security world.
The gang is thought to mostly be teenagers and has had confirmed members from the UK.
A court found an 18-year-old Arion Kurtaj, from Oxford, was part of the network in a trial in 2023.
Lapsus$ uses con-man like tricks as well as computer hacking to gain access to targets.
The group is known to taunt targets publicly and celebrate crimes online.
Lapsus$ has even been known to listen in on victims’ conference calls to discuss the breach response, Microsoft has previously said.
AstraZeneca shot to worldwide recognition for its instrumental role in developing a Covid-19 vaccine which was released to more than 170 countries.
The firm, headquartered in Cambridge, is working on critical healthcare projects including initiatives to cure cancer and understand rare diseases.
The confirmation of the AstraZeneca incident comes after the government confirmed the details of 500,000 volunteers of the database Biobank have been offered for sale online following a data breach.
Technology minister Ian Murray said information of all half a million members of the database was found listed for sale on the website Alibaba.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.