
A threat actor on an illicit forum is selling an extensive database allegedly belonging to Takeda, a publicly traded biopharmaceutical company headquartered in Japan. The breach hasn’t yet been officially confirmed.
A new account on an illicit forum bearing the moniker “beltway” claims that in April 2025, it exported around two million rows of user information from Takeda.com.
“We are now listing the data for public sale,” the threat actor said.
“Offers start at $75,000, and the data will only be sold once. Staff Takeda.com contacted me to take it down.”
The threat actor provided a few data samples, which allege extensive exposure of sensitive data.
Takeda, one of Japan's largest pharmaceutical companies and a major global biopharmaceutical company founded in 1781, hasn’t confirmed or denied the claims, nor has it released any information for investors.
“Takeda takes data and privacy integrity very seriously. We are aware of the claim that a data incident occurred related to our corporate website, Takeda.com. We have initiated an internal investigation and are assessing the validity of the claim,” the company's spokesperson said.
The sample provided appears to be a combination of personal information, professional details, and internal system identifiers, likely pulled from a CRM or data management system, specifically Veeva, which was referenced multiple times.
It also contains an extensive list of collected information, including names, email addresses, phone numbers, job titles, organizational affiliations, and system data such as IDs, contact data, and other system or record status fields.

However, the samples are not enough to confirm whether the data leak is genuine.
“The sample contains only several users and it is hard to tell if it is really legitimate, although Veeva Systems are commonly used by pharmaceutical, biotechnology, and healthcare industries,” said Neringa Macijauskaitė, information security researcher at Cybernews, who reviewed the post.
Veeva is a customer relationship management platform for pharma sales. The alleged data leak mentions a “physician” and a “pharmacist,” which likely refers to customers rather than internal employees. The sample includes customer data like professional titles, consent, territories, and other attributes typically used to track client information in the pharma sector.
“We are aware of the claim and are helping Takeda with their investigation. Nothing suggests this was the result of a Veeva application or security vulnerability,” a Veeva spokesperson said.
If the alleged data leak is genuine, then it puts exposed customers at high risk of business email compromise (BEC) schemes. The information could allow criminals to deceive people into sharing sensitive data or making fraudulent payments.
“Detailed personal and professional information, including names and job titles like CEO and physician, makes it easier for threat actors to craft highly targeted phishing emails. A message could look like it comes from a trusted pharma company, requesting sensitive data or credentials,” Macijauskaitė warns.
Takeda has a market capitalization of $45 billion. The company focuses on research and development of medicines in oncology, rare diseases, neuroscience, gastroenterology, plasma-derived therapies, and other key areas. The group has over 49,000 employees.
Established cybercrime rings usually avoid publishing unsubstantiated claims. However, this practice has surged recently as criminals attempt to profit from sensational accusations and fraud, as demonstrated by the recent fake claims made by the Babuk2 threat actor.
Updated on April 15th [11:43 a.m. GMT] with a statement from Takeda.
Updated on April 16th [10:45 a.m. GMT] with a statement from Veeva.