CrowdStrike recently fired an employee who shared internal data with a hacking group known as Lapsus$ (also called Scattered Lapsus Hunters).

The person leaked screenshots showing CrowdStrike’s internal dashboards and a Single Sign On panel managed by Okta.

The hackers claimed they accessed CrowdStrike’s systems through a third party vendor. CrowdStrike denies any successful technical intrusion into its core infrastructure.

Why it matters

Here is the thing. When someone inside an organisation shares sensitive data, it bypasses many of the protections built into external security systems.

In this case, the incident highlights two major risk points:

1. Insider threats, meaning people who already have access to systems or data.
   
   
2. Security of third party vendors, because even if your own systems are tightly controlled, a vendor can become a weak link.

CrowdStrike’s response

CrowdStrike acted swiftly when the leak was identified. They terminated the employee involved and defended the integrity of their systems by stating there was no successful hack of their internal environment.

By responding quickly, they aimed to limit damage and show that insider misuse will not be tolerated.

The broader takeaway

What this really means is that cybersecurity is not only about firewalls and defence tools. It is also about human behaviour and the network of relationships a company has with its partners.
 Companies need to:

• Monitor and manage insider access carefully.
  
  
• Include vendor risk assessments in their security strategies.
  
  
• Understand that attackers often target weak points such as contractors or service providers.

What to watch going forward

• Other firms may review how they vet vendors and what level of access those vendors receive.
  
  
• There may be increased regulatory or compliance attention on how organisations handle insider misuse.
  
  

Security teams might adopt stricter controls or monitoring of internal dashboards and Single Sign On access to reduce similar risks.