Skip to content

Lapsus$ Publishes Vodafone Source Code After Extortion Attempt Fails

On Point: Vodafone refused to pay Lapsus$ extortionists, prompting the group to publish source code and infrastructure documentation—confirming security leadership’s stance against ransom payments.

Cybercriminal gang Lapsus$ has posted approximately 180 gigabytes of Vodafone data to the dark net after a thwarted ransom demand, including source code and network diagrams. The corporation confirms unauthorized access from March 2026 but characterizes the incident as limited.

Extortion group Lapsus$ has, according to its own claims, stolen 180 gigabytes of Vodafone data and uploaded it to the dark net in an archive named “VODA_FULL_DUMP.tar.xz”. According to the group, this contains software source code, infrastructure documentation, GitHub repositories and internal network diagrams. The publication was preceded by an extortion attempt in which the gang demanded ransom—Vodafone did not pay.

Vodafone confirms to media reports that unauthorized access to systems occurred. According to the company, the data breach took place in March 2026, with publication following on May 10. The corporation characterizes the quantity of affected source code files as “very limited” and states that its own security infrastructure detected and contained the incident already in March. Vodafone withholds details about the attack sequence and the amount of the extortion demand.

Critical for CISOs: Vodafone signals that confidential customer data was not copied and internal production systems and networks remained inaccessible. This statement should be independently verified. Also important for risk assessment is the fact that source code and network diagrams expose real attack surfaces—malicious actors can use them to systematically search for vulnerabilities. CISOs should examine Vodafone environments for persistence mechanisms and lateral movement traces that may extend beyond March.

From an attacker’s perspective, the publication was a reaction to non-payment. Vodafone’s refusal to pay follows established recommendations from cybersecurity professionals: ransom payments offer no guarantee of data deletion and stabilize the criminal business model. However, the publication underscores that data protection in the context of ransomware is not a negotiation outcome—data remains public.


Source: www.it-daily.net · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.

Share on: