Swiss pharmaceutical company Novartis has confirmed it suffered a cyberattack, but said that no sensitive data has been stolen in the incident.
According to the tech news website BleepingComputer, the Industrial Spy data-extortion gang began selling data allegedly stolen from Novartis on their extortion marketplace for the price of $500,000 in bitcoins.
First spotted in April 2022, the Industrial Spy marketplace sells stolen data from compromised companies, as well as offering free stolen data to its members. The marketplace offers different tiers of data offerings, with "premium" stolen data packages costing millions of dollars and lower-tier data that can be bought as individual files for as little as $2. More recently, Industrial Spy has launched its own ransomware operation.
Threat actor claims that the data offered for sale is related to RNA and DNA-based drug technology and tests from Novartis and were stolen “directly from the laboratory environment of the manufacturing plant.”
Novartis said in a statement that it is aware of the claims and after a thorough investigation it can confirm that no sensitive data has been compromised.
“We take data privacy and security very seriously and have implemented industry standard measures in response to these kind of threats to ensure the safety of our data,” the company said, without elaborating on when the incident has occurred or how the attackers have gained access to its systems.