Novartis confirmed to Swiss media sources that while the drugmaker was a victim of a cyberattack, no sensitive data was compromised.
The pharma company had data stolen by Industrial Spy, a hacking group that runs an extortion marketplace, as reported by Bleeping Computer. In a statement shared with the information security news publication, Novartis said that the matter had been investigated and the company could confirm “no sensitive data has been compromised.”
As a part of their report on the cyberattack, Bleeping Computer shared a screenshot image of the data being sold on Tor extortion, an online marketplace, for $500,000 in bitcoins. The data for sale was allegedly the “latest RNA and DNA-based technology from Novartis, currently developed and used as next-generation enabling technology for developing current vaccine variants, among others.”
The hacking group also claimed they would provide the variant of the technology that is also used in Novartis’ generic cancer therapy, Kymiriah. “The offered files come directly from the laboratory environment of the manufacturing plant,” they added.
As companies move toward remote, cloud-based management, the risk of cyberattacks increases. While Bleeping Computer did not confirm how Industrial Spy accessed the data, there was no evidence that devices were encrypted during the incident.