The Everest ransomware group claims to have compromised Evaluate Ltd, a prominent UK-based pharmaceutical intelligence and data analytics company. The threat actors allege to have exfiltrated a massive 1.33 TB database from an insufficiently secured SFTP server, containing highly sensitive commercial intelligence, proprietary client models, and patient records. The exposure of this data poses severe regulatory and reputational risks, including potential UK and EU GDPR enforcement, while fundamentally threatening Evaluate’s core business model.
According to the actor, the allegedly compromised data includes:
-
Pharmaceutical product attribute databases and historical consensus sales forecasts
-
Patient-level oncology treatment data (Novartis), including demographic details, regimens, and US facility identifiers
-
Proprietary financial models and sell-side broker research from 18 investment banks
-
Algorithmic trading data feeds for prominent hedge funds and quant trading firms
-
Bespoke client forecast models and confidential pipeline strategies for major pharmaceutical companies (e.g., Janssen, Bayer, Eisai)
-
Internal HR data, including corporate card records, team budgets, and expense settlements
-
Clinical trials databases, epidemiological forecast models, and CDMO intelligence
-
Proprietary analytics pipelines and consulting project files
