Hackers claim breach exposing Moderna, J&J, Bayer employee data

Published: 10 April 2026
infodesk breach

Hackers are claiming to have breached a corporate intelligence provider, exposing employee data from 18 pharmaceutical and financial giants.

InfoDesk, a prominent enterprise intelligence software provider, has allegedly exposed the internal employee directories of several of the world’s most powerful pharmaceutical, medical, and financial institutions.

At least that’s what a threat actor claims. The breach, which allegedly occurred in February 2026, surfaced this week on a dark web forum where a threat actor is offering the compromised data for sale.

ADVERTISEMENT

According to researchers at Cybernews who investigated the samples provided by the alleged attacker, the database contains employee records from 18 major organizations, including:

  • Pharmaceutical and Biotech: Bayer, GSK, Johnson & Johnson, Merck, Moderna, Novo Nordisk, Sanofi, UCB, Argenx, Novonesis, and Vertex
  • Medical Technology: Abbott, Medtronic, and Olympus
  • Financial and Consulting: IMF and Kearney
  • Consumer Health: Kenvue
  • Nonprofit: AARP

What data has been allegedly stolen?

The threat actor claims to possess up to 1,000 records per company. However, they provided just a small data sample that includes full names and corporate email addresses. The sample included five records per company, including Infodesk itself.

Cybernews researchers warn that this data is the primary ingredient for spear-phishing.

infodesk
Post on hacker forum

"The impact here is primarily about targeted phishing attacks," they noted.

"With a verified list of names and emails from a specific vendor like InfoDesk, an attacker can craft highly convincing messages to harvest credentials or deploy malware within these organizations."

ADVERTISEMENT

At the time of publication, InfoDesk has not officially responded to requests for comment regarding the alleged breach.

Third-party services are the Achilles’ heel of cybersecurity

The leak, if proven legitimate, represents a massive supply chain vulnerability, in which a single software vendor’s failure can place thousands at risk.

Last month, Sony's anime streaming service Crunchyroll was reportedly breached after ShinyHunters compromised an employee at third-party provider Telus, exposing an alleged 100GB of user data, including emails and credit card details.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In 2025, Scattered Spider hackers infiltrated M&S networks by phishing employees of third-party vendor Tata Consulting Services, using stolen employee login credentials. The attack knocked out retail giants' operations for a month.

A cyberattack on Salesloft's Drift application resulted in unauthorized access to Salesforce CRM data from companies using the third-party app, with Virgin Money and TD Bank, Cloudflare, Zscaler, Palo Alto Networks, Google, Allianz Life, TransUnion, Farmers Insurance, Air France, and KLM among the affected organizations.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT