HeadlinesBriefing.com

SOC 2 Audit Leak Exposes 455 Companies' Fake Compliance

Hacker News

A massive compliance fraud has been exposed, revealing that 533 audit reports from 455 companies contained 99.8% identical boilerplate text. The scandal centers on Delve, which sold SOC 2 and ISO 27001 certifications without conducting real audits. Companies paid for compliance badges that were essentially worthless.

Forensic analysis of the leaked documents shows every single report used the same copy-pasted template, raising serious questions about the security posture of every affected organization. Security teams report using the public database to quickly identify vendors with fraudulent certifications, with some discovering multiple suppliers using Delve's fake audits.

The fallout extends beyond just the companies directly involved. Customers, investors, and partners now face existential questions about whether their vendors actually meet compliance standards. This breach of trust has made SOC 2 verification a board-level concern, as organizations scramble to audit their own supply chains and reassess vendor relationships.