MOD Data Breach update and 8Base ransomware attack on Volkswagen


Lynx Hacking Group Behind UK MoD Data Breach: Sensitive Information Leaked

A Russia-based hacking collective known as Lynx has claimed responsibility for a major data breach involving the United Kingdom’s Ministry of Defence (MoD). The breach, which took place last month, reportedly compromised critical information about MoD staff, including emails that contained sensitive, potentially classified data.

Lynx alleges that the stolen data—estimated at around 4TB—was extracted from a Royal Navy contractor, Dodd Group, which handled various operational tasks for the military. The hacking group further stated that this data is now being sold on the dark web, available to any interested parties who might wish to exploit it.

How Did the Breach Happen?

The breach was made possible through a cyber-attack on Dodd Group, a third-party contractor that supports military operations. It’s an example of what’s known as a supply chain attack, where hackers infiltrate a less-secure system to gain access to the main target. In this case, Dodd Group’s servers were compromised, allowing the attackers to access a wide range of sensitive data related to the Armed Forces.

Among the stolen information were contractor names, car registration numbers, contact details, and most notably, the names, email addresses, and some physical addresses of MoD personnel. The hackers even accessed private information about MoD staff, putting them at risk of identity theft, physical harm, or other malicious activities.

This data theft comes at a time when the National Cyber Security Centre (NCSC) has been sounding the alarm about rising cyber threats. Just days before the breach was revealed, the NCSC reported that over 204 cyberattacks had been detected on UK government agencies in 2025 alone, underscoring the growing vulnerability of governmental and defense-related infrastructure.

Dodd Group Responds

In the wake of the breach, Dodd Group issued a formal apology, acknowledging its failure to secure its servers adequately. The company emphasized that it has taken immediate action to rectify the security lapses that led to the attack. Dodd Group says that strengthened security measures will be in place going forward to prevent similar incidents. However, questions remain about how such a large-scale breach could have occurred without detection, especially given the critical nature of the data involved.

8Base Ransomware Targets Volkswagen in Double Extortion Attack

In another high-profile cyber incident, the 8Base ransomware group has reportedly attacked Volkswagen, the German automotive giant, in a double-extortion attack. The hackers, who claim to have infiltrated Volkswagen’s servers, have threatened to leak sensitive information unless a ransom is paid. While Volkswagen has denied that its core IT infrastructure was affected, a Telegram source has suggested that the company’s Research and Development (R&D) data was compromised during the attack.

The Evolution of 8Base Ransomware

8Base is a relatively new name in the world of ransomware, but it is widely believed to be an offshoot of the notorious Phobos ransomware group, which was active until 2023. After going underground for several months, the group reemerged in September 2024 with a new identity and an updated ransomware variant. Known for employing double extortion tactics, 8Base not only encrypts files but also threatens to release the stolen data to the public, further pressuring the victim to comply with their demands.

Leaked Data: What’s at Risk?

According to the ransomware group, the stolen information includes customer invoices, accounting department files, personal data of both employees and customers, and even details of employment contracts. In addition to Volkswagen, 8Base may have also obtained financial details from some of the company’s key business partners. These include well-known automotive brands such as Audi, Porsche, Bentley, Lamborghini, Skoda, and Cupra—all of which have close business ties with Volkswagen.

Sources suggest that the hackers may have gained access to confidential financial data, further exacerbating the threat posed by this breach. The fact that these companies are part of the Volkswagen Group means that the attack could have far-reaching implications, affecting multiple high-profile brands and their customers.

Volkswagen’s Response

While Volkswagen has publicly denied the full extent of the attack, the company is reportedly working closely with cybersecurity experts and law enforcement agencies to assess the damage and prevent further breaches. As of now, it remains unclear whether the company plans to pay the ransom or whether it has implemented any countermeasures to contain the situation.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
