ESA calls police

ESA calls police as criminals lift 500 GB of files; security gap reportedly still open Source: www.theregister.com/2026/01/0… The European Space Agency on Wednesday confirmed another major security breach and told The Register that the data thieves responsible will be subject to a criminal investigation. The scope of the incident could be significant. Earlier in the week, Scattered Lapsus$ Hunters reported that they gained initial access to ESA servers in September by exploiting a public CVE. They claim to have exfiltrated 500 GB of highly sensitive data, including operational procedures, spacecraft and mission details, subsystem documentation, and proprietary contractor information. The stolen data reportedly involves ESA partners such as SpaceX, Airbus Group, and Thales Alenia Space, among others. According to the attackers, the security vulnerability remains unremediated, allowing continued access to ESA’s live systems.