349/68 Thursday, September 18, 2025
Google has confirmed that malicious actors created a fake account to access its Law Enforcement Request System (LERS), an online portal used by government agencies and law enforcement officials to submit and track user data requests. The company stated that the fraudulent account was immediately disabled and emphasized that no data requests were made and no user data was accessed through the unauthorized account.
This incident follows claims by the cybercrime group “Scattered Lapsus$ Hunters” on Telegram, alleging that they had gained access to both Google’s LERS system and the FBI’s eCheck background verification system. If successful, such intrusions could pose severe risks to privacy and national security, as attackers might submit fraudulent data requests, manipulate background check results, and undermine the credibility of key institutions.
The group is known for its sophisticated attack chain, which typically begins with social engineering tactics-tricking employees into linking Salesforce Data Loader to organizational accounts to exfiltrate data. They have also breached Salesloft’s GitHub repository, using tools like Trufflehog to harvest authentication tokens from Drift for further attacks. These operations have already impacted multiple global enterprises. Most recently, on September 11, the group posted a “Goodbye” message on BreachForums, leaving behind a taunting remark that their name would continue to appear in future data breach reports involving corporations and government agencies.
