Ransomware victim disclosure
← All victimsViking Therapeutics reported to the SEC following a breach
Claimed by ALPHV/BlackCat · listed 3 years ago
Status timeline
- ListedDec 18, 2023
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Pharmaceutical
- Listed on leak site
- Dec 18, 2023
About the victim
AI dossier — public-source company profileViking Therapeutics is a clinical-stage biopharmaceutical company headquartered in San Diego, California, focused on developing novel therapeutics for metabolic and endocrine disorders. Its lead program, VK2735, is a dual GLP-1/GIP receptor agonist currently in Phase 3 clinical trials for obesity, with both subcutaneous and oral formulations under evaluation. The company also has additional pipeline assets targeting lipid disorders and other metabolic conditions.
- Industry
- Clinical-Stage Pharmaceutical & Biotechnology
- Address
- 9920 Pacific Heights Blvd, Suite 500, San Diego, CA 92121
- Employees
- 51-200
Attack summary
Severity: high — Viking Therapeutics is a publicly traded clinical-stage pharmaceutical company that filed an SEC disclosure following the breach, indicating material impact. ALPHV has published the data, suggesting confirmed exfiltration of potentially sensitive business, clinical, and financial data. The pharmaceutical/biotech context and SEC reporting obligation elevate severity, though no confirmed PII-at-scale or medical records of patients have been explicitly documented.The ALPHV ransomware group claimed an attack on Viking Therapeutics, with the company subsequently reporting the breach to the SEC; the disclosed status indicates data was published, though no specific exfiltration volume or encryption details are captured in the available leak post.
Data the group says was taken
AI dossier — extracted from the leak post- SEC-reportable breach data
- Potentially clinical trial data
- Potentially proprietary drug development information
- Potentially employee/corporate records
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

