UK police charge 2 teenagers in connection with Lapsus$ hacks

Just a week after arresting seven individuals as part of its investigation into a series of cyberattacks conducted by the Lapsus$ hacking group, U.K. authorities have charged two teenagers with multiple cyber offenses.

In a statement on Friday, Detective Inspector Michael O’Sullivan from the City of London Police said that the two teenagers, aged 16 and 17, are charged with three counts of unauthorized access to a computer with the intent to impair the reliability of data, one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorized access to a program.

O’Sullivan said the pair remained in custody, and are due to appear at Highbury Corner Magistrates’ Court later on Friday.

When contacted by TechCrunch, City of London Police would not confirm the identities of the teenagers, whose names were not released as they are subject to U.K. reporting restrictions on identifying non-adults. However, a recent Bloomberg report revealed that a teenager based in Oxford, U.K. is suspected of being the mastermind of the Lapsus$ hacking group. Reporters tracked down the 16-year-old, who uses the online moniker “White” or “Breachbase,” after his personal information was published online by rival hackers.

This report was published just hours before City of London Police announced they had arrested seven people between the ages of 16 and 21 over their suspected connections to the Lapsus$ hacking group.The day after news of the arrests emerged, Lapsus$ told its 50,000-plus followers on Telegram that some of its members were taking “a vacation.” The group later denied that any of its members were arrested in March.

The Lapsus$ hacking group, which first surfaced in December 2021, this week returned with a new data breach victim: Luxembourg-based software development consultancy Globant. The group published a 70 gigabyte torrent file on its Telegram channel that contained data allegedly stolen from the company, which the hackers claim includes its corporate customers’ source code.

Other Lapsus$ victims include Okta, Microsoft, Nvidia and Samsung.