If you ever doubted the link between Scattered Spider(tm) and LAPSUS$ - one of the people arrested today was a key part of the LAPSUS$ attacks a few years ago.
After almost 3 months, Marks and Spencer recruitment system came back online just now. First 4 jobs posted.
. @briankrebs has broken the story that the key member (and teenager) of LAPSUS$ runs Scattered Spider
https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/
@GossiTheDog @briankrebs the comments section is, uh, something
Co-op finally admitted the entire membership database was stolen
I had this in the thread months ago, they originally tried to deny it entirely then tried to say ‘some’ data was accessed when they knew it was the whole thing.
Personally I think Co-op did a really good job getting out of that situation and minimising impact.
I definitely think if you have a LAPSUS$ style advanced persistent teenagers situation, tilt towards open and honest comms as those kids will use secrecy against ya. It’s 2025, it’s okay to say you got hacked, people largely understand. Also, in IR, lawyers are usually stuck in 1980 advice - it’s just advice, they ain’t yo boss.
@gsuberland @GossiTheDog @briankrebs they're so edgy and cool