Ransomware

ProPublica / BleepingComputer / DataBreaches.net

📅 2020-03-13 🦠 CLOP

Incident Details

CLOP ransomware group attacked ExecuPharm, a US clinical research organisation (CRO) and pharmaceutical services company, on March 13 2020. After the company declined to pay, CLOP published stolen files on their leak site — one of the earliest high-profile uses of a ransomware leak site. The published data included employee PII: Social Security numbers, financial account information, passport scans, tax documents, and health information for over 150 employees and contractors. The company disclosed the breach on March 27 2020. The incident was notable as an early example of CLOP’s double-extortion model targeting a life-sciences organisation.

Technical Details

Initial Attack Vector
CWE-506: Embedded Malicious Code (CLOP ransomware; initial vector not confirmed)
Malware Family
CLOP

Timeline

  1. 2020-03-13 Breach occurred
  2. 2020-03-27 Publicly disclosed
  3. 2020-03-27 Customers notified