How does someone normally gain access to Google LERS?

To gain access to LERS, users must be pre-approved by Google. Simply having an agency email address is not sufficient - law enforcement personnel need to be specifically added to Google's approved list through a verification process.

How did the cybercriminals gain access to Google LERS?

The exact method is unclear, raising questions about whether Google's approval system has flaws or if the attackers successfully impersonated law enforcement personnel to bypass the pre-approval requirement. Google has not disclosed the specific attack vector.

Was any data accessed through the fraudulent Google LERS account?

According to Google, no requests were made with the fraudulent account and no data was accessed. The company claims to have identified and disabled the unauthorized account before any sensitive information was compromised.

What did Google do in response to the LERS security breach?

Google disabled the fraudulent account and has since bolstered security measures, including enhanced verification and monitoring. However, the company has not disclosed specific details about additional remediation measures beyond account termination.

What other systems did Scattered Lapsus$ Hunters claim to access?

Beyond Google's LERS portal, the group claimed to have gained access to the FBI's eCheck background check system, suggesting a broader campaign targeting law enforcement and government systems used for sensitive data requests and background checks.

What are the implications of the Google LERS breach?

The breach raises serious concerns about the security of law enforcement request systems and the potential for criminals to impersonate legitimate agencies. Even without data being accessed, it demonstrates vulnerabilities in critical systems used for sensitive government and law enforcement operations.

Why is the Google LERS breach particularly concerning?

This breach is concerning because LERS handles sensitive law enforcement data requests that could expose private user information if compromised. The incident highlights the need for robust verification processes for systems that bridge private companies and government agencies, and raises questions about similar vulnerabilities in other tech companies' law enforcement portals.

Incident

Google confirms breach of their Law Enforcement Request System, fradulent account created

Q: What happened with Google's Law Enforcement Request System?

Google confirmed that cybercriminals created an unauthorized account in its Law Enforcement Request System (LERS), a portal used by police and intelligence agencies worldwide to submit subpoenas, court orders, and emergency disclosure requests for user data.

Q: Who claimed responsibility for the Google LERS breach?

A group of threat actors calling itself 'Scattered Lapsus$ Hunters' claimed on Telegram to have gained access to both Google's LERS portal and the FBI's eCheck background check system. The group posted screenshots of their alleged access shortly after announcing they were 'going dark.'

Q: What is Google's Law Enforcement Request System (LERS)?

LERS is a portal used by police and intelligence agencies worldwide to submit subpoenas, court orders, and emergency disclosure requests for user data from Google. It's a critical system that handles sensitive law enforcement data requests.

published: Sept. 16, 2025

Learn More

Google has confirmed that cybercriminals created an unauthorized account in its Law Enforcement Request System (LERS), a portal used by police and intelligence agencies worldwide to submit subpoenas, court orders, and emergency disclosure requests for user data.

A group of threat actors calling itself "Scattered Lapsus$ Hunters" claimed on Telegram to have gained access to both Google's LERS portal and the FBI's eCheck background check system. The group posted screenshots of their alleged access shortly after announcing on Thursday that they were "going dark".

"We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," Google told BleepingComputer. To gain access to LERS, one must be pre-approved by Google. Simply having an agency email address won't suffice - they need to be added to Google's approved list.

This raises the question - how did the criminals do it? Either Google's approval system is flawed, or the attackers managed to impersonate law enforcement personnel. In both cases, this looks like very advanced social engineering.

Google claims "No requests were made with this fraudulent account, and no data was accessed"

The company has not disclosed specific remediation measures beyond account termination, though Google has since bolstered security measures, including enhanced verification and monitoring.

Google confirms breach of their Law Enforcement Request System, fradulent account created

Read More
Pax8 Data Leak Exposes 1,800 MSP Partners
Chipmaker Nexperia hit by ransomware attack
Israeli cybersecurity firm Radware hacked and customer data …
HackerOne reports data breach through third-party Salesforce Drift …
Aura Data Breach: Vishing Attack Exposes 900,000 Marketing …