A threat actor is allegedly selling a database stolen from Infodesk, a New York-based enterprise intelligence SaaS platform that counts more than half the world’s leading pharmaceutical companies among its clients. The dataset purportedly contains employee names and email addresses belonging to staff at 18 major organizations, including Johnson & Johnson, Moderna, GSK, Merck, Medtronic, Sanofi, and the International Monetary Fund. The claim has not been corroborated and the actor behind it has no prior track record.
What Infodesk Is and Why It Matters
Founded in 1999 and headquartered in Irvington, New York, Infodesk provides a decision intelligence platform used by Global 2000 companies across life sciences, government, professional services, and investment sectors. The platform centralizes regulatory, competitive, and market intelligence for enterprise teams, with a particularly deep footprint in pharmaceutical and biotech. Acquired by Cuadrilla Capital in 2022 and expanded through the acquisition of Wide Narrow in 2023, Infodesk has grown into a sizeable enterprise software vendor whose client roster spans some of the most heavily regulated industries in the world, making it a high-value target for any attacker looking to harvest corporate contact data at scale through a single third-party entry point.
The Alleged Dataset
The actor claims the breach occurred in February 2026 and that the stolen database contains employee records across 18 organizations separated into individual CSV files per client. The full list of allegedly compromised organizations includes AARP, Abbott, Argenx, Bayer, GSK, the IMF, Johnson & Johnson, Kearney, Kenvue, Medtronic, Merck, Moderna, Novonesis, Novo Nordisk, Olympus, Sanofi, UCB, and Vertex. Record counts per organization range from 72 to 999. The data types claimed are limited to employee names and email addresses.
Notably, several of the email addresses in the sample data carry Infodesk-formatted domains rather than the corporate email addresses of the organizations themselves — for example, addresses structured as username@[client].infodesk.com. This pattern is consistent with a breach of Infodesk’s own identity or single sign-on infrastructure rather than a direct compromise of the client organizations, and supports the supply chain angle of the claim. The inclusion of the IMF in the alleged client list is also notable — unlike the pharmaceutical and consulting firms that make up the bulk of the dataset, the IMF is a major international financial institution, suggesting Infodesk’s platform reach extends well beyond life sciences.
Credibility Concerns
The actor behind the listing has no prior breach history and joined the forum in April 2026, making independent verification of the claim impossible at this stage. The data types involved (names and email addresses) are relatively low in sensitivity compared to financial or medical records, but the breadth of the client list and the specificity of the per-organization file structure add some surface credibility. The dataset is being offered as a one-time sale for cryptocurrency.
None of the 18 organizations named in the claim had issued any public statement at time of publication. Infodesk had not issued any public statement at time of publication.
The Supply Chain Risk
If substantiated, a breach of Infodesk’s platform would represent a textbook supply chain exposure: a single vendor compromise providing an attacker with harvested employee contact data across dozens of major enterprises simultaneously, similar to the TeamPCP supply chain attack on Mercor that rippled across multiple high-profile clients. Employee email addresses from named pharmaceutical and financial organizations are immediately useful for targeted spear phishing, business email compromise, and credential stuffing campaigns. Staff at organizations with active Infodesk accounts should be alert to any unusual communications referencing regulatory intelligence, compliance workflows, or platform access. For guidance on responding to a potential breach notification, see our data breach response guide.
