LAST UPDATED Loading...

Alcon Allegedly Breached as Customer Data, Salesforce Records, and Source Code Surface

A threat actor claims to have stolen customer records, Salesforce supplier data, and source code from Alcon, although the authenticity of the alleged breach remains unverified.
Screenshot of a forum post alleging an Alcon data breach, claiming customer records, Salesforce supplier data, MARLO platform conversations, and source code were stolen. The visible CSV sample and download links have been blurred by BreachNews.
Forum post alleging a May 2026 breach of Alcon and advertising a dataset containing purported customer, supplier, and source code data. BreachNews blurred the published sample records, download links, and other potentially sensitive information.

Medical device and eye care company Alcon is allegedly the victim of a data breach after a threat actor claimed to possess customer data, Salesforce records, and source code in a forum post that also included a separate alleged breach claim involving Nike. Alcon had not issued any public statement at time of publication.

Threat actor alleges failed negotiations

According to the post, the threat actor claims Alcon entered into negotiations after receiving samples of the allegedly stolen data but later ended discussions before an agreement was reached. The post also threatens future attacks against the company and claims the data was released following the collapse of those negotiations.

BreachNews could not independently verify that any negotiations took place.

Purported leak contains customer, supplier, and internal data

According to the threat actor, the published archive contains data associated with Alcon’s “MARLO” platform and other internal systems.

The allegedly stolen data is claimed to include:

  • Customer names
  • Mailing addresses
  • Phone numbers
  • Email addresses
  • Salesforce supplier data
  • Conversations from the MARLO platform
  • Order numbers
  • Customer account records
  • Source code

The published CSV samples appear to contain customer account information, including customer identifiers, addresses, geographic information, account classifications, and other business-related metadata. BreachNews has intentionally withheld potentially sensitive information contained in the samples.

Samples appear consistent with business records

The released samples consist primarily of CSV exports containing customer and account information. Visible fields reference customer numbers, Salesforce identifiers, addresses, account classifications, industry descriptions, regional data, and other business attributes commonly found in customer relationship management platforms.

While the structure of the files appears internally consistent, BreachNews could not independently verify that the records originated from Alcon or that they were obtained through unauthorized access to company systems.

Authenticity remains unverified

The threat actor responsible for the post has little publicly established history, and the claims have not been independently corroborated. Although the published samples appear detailed and consistent with enterprise business data, they should not be treated as confirmation that a data breach occurred.

If authentic, the alleged exposure could affect customers, suppliers, and business partners whose information was reportedly stored within Alcon’s internal systems. The claimed inclusion of source code and internal communications could also present additional security risks beyond the exposure of customer information.

BreachNews will update this article if Alcon confirms the incident, disputes the claims, or releases additional information regarding the alleged breach.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map