Ransomware victim disclosure
← All victimsPierre Fabre
Claimed by Revil · listed 5 years ago
Status timeline
- ListedMar 31, 2021
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profilePierre Fabre is a French pharmaceutical and dermo-cosmetics group headquartered in Castres, France (with registered offices in Boulogne-Billancourt). The group develops, manufactures and markets prescription medicines, over-the-counter health products, and dermo-cosmetic brands such as Avène, Ducray, and Klorane. It is the second-largest private pharmaceutical group in France and distributes products in over 130 countries.
- Industry
- Pharmaceutical & Dermo-cosmetics
- Address
- 45 Place Abel Gance, 92100 Boulogne-Billancourt, France
- Employees
- 10000+
- Founded
- 1962
Attack summary
Severity: high — Pierre Fabre is a major pharmaceutical manufacturer; the 'data_published' status confirms actual data exfiltration and release by REvil, likely involving sensitive business, R&D, and personal data at significant scale, though the absence of a captured leak post prevents confirmation of regulated PII or medical data at the level required for critical.REvil claimed responsibility for a ransomware attack against Pierre Fabre; the disclosed status indicates data was published, suggesting exfiltration and/or encryption of company data occurred, though the specific volume and categories of data published are not detailed in the captured post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate business data
- Pharmaceutical research and development files
- Employee records
- Financial records
- Customer and partner data
Sources
- Victim sitepierre-fabre.com
Source
Indexed 5 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

