DreamUp, a U.S.-based space science education and outreach company, was listed on March 1, 2026 by an extortion group operating under the 'LAPSUS$' name on its dark-web data leak site. Security researchers and threat-intelligence analysts including SpyCloud have noted that this 2026 LAPSUS$ group is distinct from the original LAPSUS$ gang led by Arion Kurtaj that was active in 2021 and 2022, and that the connection between the two appears limited to shared branding and values rather than personnel continuity. The group's leak-site posting framed DreamUp as a ransomware-style victim, but the public posting did not include technical indicators of encryption or operational disruption, and DreamUp has not publicly confirmed or denied the claim.

The breach affected approximately 1.7 million email-address entries based on DataBreach.com's parsing of the leaked files, alongside approximately 213,000 phone numbers, 224,000 street addresses, and 7,600 names. The relatively small ratio of names and contact-detail records to email-address entries suggests the leaked data may primarily represent a marketing or outreach contact list rather than a comprehensive user-account database, with most records consisting of email addresses with limited associated identity information.

For affected individuals, the practical risk profile is moderate and primarily concerns phishing and contact-data exposure rather than credential or financial-fraud risk. The combination of email address with phone number, street address, or name supports targeted phishing referencing space-education programs, school partnerships, or student research opportunities. Recipients of the leaked data may receive education-themed phishing campaigns referencing real DreamUp programs or partner institutions. Affected individuals should remain alert to unsolicited contact referencing DreamUp, space-education programs, or student research opportunities, and should treat any communication requesting financial information, parental-consent forms, or login credentials with caution. Parents whose children's contact information may have been exposed through school-program enrollment should be alert to potential phishing campaigns targeting student or parent contacts.

Education platforms collect student identity, contact details, enrollment records, course participation, and account activity tied to institutional or online learning workflows.

DreamUp was listed by the 'new LAPSUS$' extortion group on March 1, 2026 on the group's dark-web data leak site. Security researchers and breach-tracking publications including SpyCloud have noted that the 2026 LAPSUS$ group operating these breach claims appears to have no apparent connection to the original LAPSUS$ gang led by Arion Kurtaj (which targeted Microsoft, Nvidia, Samsung, Okta, and others in 2021 to 2022) beyond shared values and branding choices. The new group is associated with the breached.st BreachForums successor site and has begun posting large breaches from major companies including a major pharmaceutical company and an AI-based talent recruiting tool. DreamUp has not publicly detailed the original incident or the specific vulnerability that enabled the compromise. DataBreach.com indexed and parsed the leaked files in mid-March 2026.