Medical device and eye care company Alcon is allegedly the victim of a data breach after a threat actor claimed to possess customer data, Salesforce records, and source code in a forum post that also included a separate alleged breach claim involving Nike. Alcon had not issued any public statement at time of publication.
Threat actor alleges failed negotiations
According to the post, the threat actor claims Alcon entered into negotiations after receiving samples of the allegedly stolen data but later ended discussions before an agreement was reached. The post also threatens future attacks against the company and claims the data was released following the collapse of those negotiations.
BreachNews could not independently verify that any negotiations took place.
Purported leak contains customer, supplier, and internal data
According to the threat actor, the published archive contains data associated with Alcon’s “MARLO” platform and other internal systems.
The allegedly stolen data is claimed to include:
- Customer names
- Mailing addresses
- Phone numbers
- Email addresses
- Salesforce supplier data
- Conversations from the MARLO platform
- Order numbers
- Customer account records
- Source code
The published CSV samples appear to contain customer account information, including customer identifiers, addresses, geographic information, account classifications, and other business-related metadata. BreachNews has intentionally withheld potentially sensitive information contained in the samples.
Samples appear consistent with business records
The released samples consist primarily of CSV exports containing customer and account information. Visible fields reference customer numbers, Salesforce identifiers, addresses, account classifications, industry descriptions, regional data, and other business attributes commonly found in customer relationship management platforms.
While the structure of the files appears internally consistent, BreachNews could not independently verify that the records originated from Alcon or that they were obtained through unauthorized access to company systems.
Authenticity remains unverified
The threat actor responsible for the post has little publicly established history, and the claims have not been independently corroborated. Although the published samples appear detailed and consistent with enterprise business data, they should not be treated as confirmation that a data breach occurred.
If authentic, the alleged exposure could affect customers, suppliers, and business partners whose information was reportedly stored within Alcon’s internal systems. The claimed inclusion of source code and internal communications could also present additional security risks beyond the exposure of customer information.
BreachNews will update this article if Alcon confirms the incident, disputes the claims, or releases additional information regarding the alleged breach.












