Beautiful Virgin Islands

Tuesday, Jun 24, 2025

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$.

The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers.

City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one.

The boy's father told the BBC his family was concerned and was trying to keep him away from his computers.

Under his online moniker "White" or "Breachbase" the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America.

Lapsus$ is relatively new but has become one of the most talked about and feared hacker cyber-crime gangs, after successfully breaching major firms like Microsoft and then bragging about it online.

The teenager, who can't be named for legal reasons, attends a special educational school in Oxford.

City of London Police said: "Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing."

Playing online games


The boy's father told the BBC: "I had never heard about any of this until recently. He's never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games."

Microsoft is one of the victims of the Lapsus$ hacking group


"We're going to try to stop him from going on computers."

The BBC has also spoken to the boy's mother, who did not want to comment.

'Doxxed' online


"White" was outed - or "doxxed" - on a hacker website, after an apparent falling out with business partners.

The hackers revealed his name, address, and social media pictures.

They also posted a biography of his hacking career, saying: "After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is] now is affiliated with a wannabe ransomware group known as 'Lapsus$', who has been extorting & 'hacking' several organisations."

As first reported by Bloomberg, cyber-security researchers have been tracking "White" for nearly a year and have linked him to Lapsus$ and other hacking incidents.

"We've had his name since the middle of last year and we identified him before the doxxing," said Allison Nixon, chief research officer at cyber-security investigation company Unit 221B.

"Unit 221B working with [cyber-security company] Palo Alto after identifying the actor, watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes."

Mrs Nixon says researchers tracked him through a trail of activity linked through a nearly unbroken stream of the boy's online accounts.

"We did it by watching the post history of an account and seeing older posts provide contact information for the guy."

Mrs Nixon says the trail was followed thanks to mistakes "White" made in failing to cover his tracks.

Lapsus$ crew


The Lapsus$ cyber-extortion group has gained notoriety in a short space of time thanks to its high-profile targets and active presence on the messaging app Telegram. Its channel has grown to 47,000 subscribers.

The last message was posted on the channel on Wednesday, with the group saying: "A few of our members has a vacation until 30/3/2022. We might be quiet for some times. Thanks for understand us - we will try to leak stuff ASAP."

Okta says hundreds of its customers were affected by the cyber-attack


Chris Morgan, from cyber-security company Digital Shadows, says Lapsus$ has risen in prominence in recent months "after targeting several enterprise technology companies, breaching significant amounts of data and posting on to their dedicated Telegram data leak channel".

"Little is known of the origins of the group, however, given that Lapsus$'s initial activity was directed towards several organisations in Brazil, some researchers have speculated that the group is based in South America," Mr Morgan said.

In a Wednesday blog post, Microsoft said Lapsus$ had gained limited access to its system.

Security company Okta admitted that it too had been hacked by the group, with consequences for hundreds of its clients.

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
“You Have 12 Hours to Flee”: Israeli Threat Campaign Targets Surviving Iranian Officials
Macron and Merz: Europe must arm itself in an unstable world
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Airlines Evaluate Flight Cancellations Amid Escalating US-Iran Tensions
Starmer Invites Innovators to Join Government Talent Scheme
UK Economy’s Strong Opening Quarter Shows Signs of Cooling
Harrods Seeks Court Order to Secure Al Fayed Estate for Victims
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
BBC Demands Perplexity AI Immediately Stop Using Its Content
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
Political Turmoil Resurfaces in Belgium Amid Economic Concerns
Fed policymakers divided on timing of interest rate cuts
Trump signals imminent agreement with Harvard University
Inheritance tax referendum alarms Swiss billionaire community
Japan cancels bilateral security meeting amid US defence demands
AI skeptic Emily Bender warns that ‘the emperor has no clothes’
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
Plans to Sell Dutch Embassy in Bangkok Face Local Opposition
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump's $5 Million 'Trump Card' Visa Program Draws Nearly 70,000 Applicants
DGCA Finds No Major Safety Concerns in Air India's Boeing 787 Fleet
Airlines Reroute Flights Amid Expanding Middle East Conflict Zones
Elon Musk's xAI Seeks $9.3 Billion in Funding Amid AI Expansion
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Taiwan Imposes Export Ban on Chips to Huawei and SMIC
Israel has just announced plans to strike Tehran again, and in response, Trump has urged people to evacuate
Netanyahu Signals Potential Regime Change in Iran
Juncker Criticizes EU Inaction on Trump Tariffs
EU Proposes Ban on New Russian Gas Contracts
×