Thought Leadership
After a reportedly failed extortion attempt, the cybercrime group Lapsus$ has published around 180 GB of data from Vodafone, including software source code and network plans. According to the company, no customer data appears to be affected.
The telecommunications provider Vodafone has been targeted by the extortion group Lapsus$. The attackers gained access and copied, among other things, software source code. After alleged ransom demands reportedly went unanswered, the data has now been released publicly online. Vodafone’s decision not to pay aligns with standard cybersecurity recommendations: ransom payments are generally discouraged, as they do not guarantee data deletion and further fuel the attackers’ business model.
According to the group, the leaked material includes a broad set of internal data. In addition to source code files, it reportedly contains documentation of the entire infrastructure, a GitHub tree, and internal network maps. The data has been published as an archive named “VODA_FULL_DUMP.tar.xz”, which the group claims is around 180 GB in size. The file is linked and available for direct download via the gang’s dark web site.
What Vodafone confirms — and what it does not
In a statement to heise online, Vodafone confirmed the data leak. According to the company, the unauthorized access occurred in March 2026, while the publication of the copied data took place on May 10. Only a very small number of source code files were affected, according to Vodafone. The company also states that its internal security systems detected and contained the incident back in March.
Vodafone also provides reassurance regarding customer impact: according to the company, no sensitive customer data was copied. Internal systems were also not accessed, meaning neither infrastructure nor networks or production systems were affected.
The company has so far provided limited details about the attack itself. Which systems were specifically compromised and the size of the ransom demand remain undisclosed.
