Ransomware victim disclosure
← All victimsJohnson & Johnson Innovative Medicine
Claimed by Spacebears · listed 13 days ago
Status timeline
- Listed
May 7, 2026
Current state: Listed for ransom
At a glance
- Group
- Spacebears
- Status
- Listed for ransom
- Country
- United States
- Sector
- Pharmaceutical
- Listed on leak site
- May 7, 2026
About the victim
AI dossier — public-source company profileJohnson & Johnson Innovative Medicine, formerly known as Janssen Pharmaceuticals, is the pharmaceutical division of Johnson & Johnson, one of the world's largest healthcare corporations headquartered in New Brunswick, New Jersey, USA. The division focuses on the research, development, and commercialization of prescription medicines targeting complex diseases across immunology, oncology, neuroscience, and other therapeutic areas. It operates globally and is among the largest pharmaceutical entities in the world.
- Industry
- Pharmaceutical & Biotechnology (Innovative Medicine / Drug Development)
- Employees
- 10001+
- Founded
- 1886
Attack summary
Severity: high — The claimed data includes PII (personal customer IDs), financial records, audit files, and legal/court case documents from a major pharmaceutical company. While no proof files or confirmed exfiltration volume are provided, the nature of the data categories—particularly patient/client PII and regulated financial records at the scale of a global pharma division—warrants a high severity rating. A critical rating is not assigned due to the absence of confirmed exfiltration evidence or proof files.The Spacebears ransomware group has listed Johnson & Johnson Innovative Medicine as a victim, claiming access to client data, financial data, personal customer IDs, audit records, and court case documentation. No ransom amount, data volume, or proof files are explicitly stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Client data
- Financial data
- Personal customer IDs
- Audit records
- Court case documentation
What the group claims
Pharmaceutical division of Johnson & Johnson specializing in development and production of revolutionary medicines
The leak post
captured from the group's siteDo you trust your data to this company? This page contains a list of companies whose clients and business partners entrusted them with their confidential data, but these companies leaked data. The data may contain confidential information such as login credentials, intellectual property, personal and financial data, etc. Our company, Erla Technologies SAS, has specialised for more than 30 years in designing, manufacturing, installing and maintaining a huge range of innovative equipment with Guaranteed French Produced certification and intended for storage, distribution and management of petroleum products, biofuel, Adblue and industrial and chemical fluids.Aware of environmental issues, new energies are at the heart of the innovations and solutions brought by Erla Technologies. -One of the clients is the French army, documentation.-Personal information of employees and clients-Financial documents-Other files Operation of a network of karaoke establishments, providing leisure and entertainment services for individual and corporate clients. Development and management of a chain of food and beverage establishments, primarily in the Japanese izakaya style, as well as other concepts w…
Data the group says was taken
- Client Data
- Financial Data
- Personal Customer ID
- Audit
- Court Case
Screenshot of the leak post
Sources
Source
Indexed 13 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.