AstraZeneca, a UK-based pharmaceutical company, has been named by a cybercriminal group claiming to have stolen internal company data, including source code and infrastructure-related information, according to reports and security researchers.

The claims were published on an underground forum associated with the LAPSUS$ hacking group, which stated it had obtained approximately 3 GB of data from the company. The group said the dataset includes internal code repositories, employee-related information, and access credentials.

According to the group’s statements, the alleged data includes application source code written in Java, Angular, and Python, as well as configuration files and internal project structures. The attackers also claimed access to cloud infrastructure references linked to services such as AWS, Azure, and Terraform.

The hackers further stated that the dataset contains credentials, tokens, and other access-related information, including references to private keys and internal systems. Security researchers reviewing samples said the material appears to include elements such as GitHub Enterprise user data, including employee roles and account details, as well as corporate email addresses.

Posts attributed to the group indicate that the data has been advertised on dark web platforms. In some cases, the attackers appear to be offering access to the dataset rather than releasing it publicly, according to security reporting.

At the time of reporting, the claims had not been independently confirmed, and AstraZeneca had not issued a public statement addressing the alleged breach. Security researchers noted that information shared on underground forums may be incomplete or exaggerated, and verification remains ongoing.

Samples shared by the attackers suggest that the data may include internal repository structures and employee-related records. Researchers said that if confirmed, such access could expose technical details about internal systems and development processes.

The incident follows previous activity linked to the LAPSUS$ group, which has claimed responsibility for multiple high-profile breaches involving corporate data and cloud-based systems.
