European Space Agency Suffers Massive Data Theft by Scattered Lapsus$ Hunters
Learn More
The European Space Agency (ESA) is facing a major security crisis after a second large-scale data breach in less than two months. In January 2026, a cybercrime group known as Scattered Lapsus$ Hunters claim a breach into ESA systems and theft of 500GB of data.
This attack follows a December 2025 incident where a hacker named 888 stole 200GB of files. ESA officials have confirmed that a criminal investigation is now underway to address these incidents.
The January breach targeted sensitive operational and partner information. Attackers reportedly exploited an unpatched vulnerability to gain access. The compromised data includes:
- Operational procedures and spacecraft mission details
- Subsystems documentation
- Proprietary contractor data from SpaceX, Airbus, and Thales Alenia Space
- Source code and SQL database files
- API tokens and hardcoded credentials
- Documents related to the Ariel space telescope mission
The number of affected individuals is not disclosed.
Security researchers suggest that poor internal practices made these attacks possible. Credentials for ESA staff are frequently found for sale on dark web marketplaces. The agency has a history of security issues, including a 2024 incident where its merchandise store was hit by credit card skimming code. In 2015, a breach linked to the Anonymous collective exposed employee passwords and subscriber data.
