# Grafana refuses to pay ransom after codebase theft

_Friday, June 26, 2026 at 12:56 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Grafana refuses to pay ransom after codebase theft — Primary](https://cms.therecord.media/uploads/grafana_82e547d255.jpg)

Grafana Labs confirmed this weekend that hackers breached its systems and downloaded the company codebase. The company released a statement Saturday night confirming the incident and its decision not to pay a ransom.

The company said an unauthorized party obtained a token granting access to its GitHub environment. No customer data or personal information was accessed and there was no evidence of impact to customer systems or operations.

Grafana Labs said it is still investigating but believes it identified the source of the credential leak. Compromised credentials were invalidated and other security measures were taken.

The incident emerged Friday when extortion group CoinbaseCartel claimed to have stolen information. The group attempted to blackmail the company to prevent release of the codebase but Grafana refused to pay citing FBI guidance that payment does not guarantee anything.

Grafana Labs said it will share more information from its post-incident review once investigations conclude. The company did not respond to questions about potential release of the codebase or whether hackers were fully evicted.

CoinbaseCartel emerged last year as a data theft offshoot of Scattered Lapsus$ Hunters. The group has attempted to extort more than 100 companies since September and relies on stolen credentials and social engineering rather than ransomware.

Grafana is an analytics and visualization application used by more than 7,000 customers to create dashboards tracking metrics and information.

## Sources

- [The Record](https://therecord.media/grafana-refuses-to-pay-ransom-codebase-theft)

---
Canonical: https://techandbusiness.org/newswire/CeoAu2iFmluHtXciHyncjI
Retrieved: 2026-06-26T09:30:19.101Z
Publisher: Tech & Business (techandbusiness.org)