Data Breach Notifications

Entity Information

  • Type of Organization: Other Commercial
  • Entity Name: Revance Therapeutics, Inc.
  • Street Address: 1222 Demonbreun St, Suite 2000
  • City: Nashville
  • State, or Country if outside the US: Tennessee
  • Zip Code: 37203

Submitted By

  • Name: Gabrielle Sims White
  • Title: VP, Legal – Lead Corporate Counsel
  • Firm name (if different than entity):
  • Telephone Number: 248-790-3746
  • Email Address: gabrielle.white@revance.com
  • Relationship to entity whose information was compromised: Current employee

Breach Information

  • Total number of persons affected (including residents): 2803
  • Total number of Maine residents affected: 1
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
  • Date(s) Breach Occured: 03/15/2023
  • Date Breach Discovered: 04/09/2023
  • Description of the Breach:
    • External system breach (hacking)
    • If other, please specify: On April 9, 2023, we discovered that an unauthorized third party had accessed certain of our company’s systems and exfiltrated certain information. As soon as we became aware of the incident, we terminated the third party’s access to the affected systems and immediately began an investigation to determine the scope of the incident and identify the impacted information. We engaged a third-party cybersecurity firm that specializes in incident response to assist with our investigation and ensure that the incident was contained. After additional analysis, on April 27, 2023, we confirmed that the third party accessed and exfiltrated certain personal information from Revance’s systems. We also engaged third-party data review specialists to conduct a detailed review of the exfiltrated data and identify the individuals whose personal information may have been impacted. This review was completed on June 15, 2023. Through our investigation, we determined that the incident occurred between March 15, 2023, and April 10, 2023, and was caused by the compromise of an employee’s credentials. In response to this incident, we have enhanced our identity access management controls and authentication controls. We also notified federal law enforcement and cooperated with them throughout the incident response process. We are not aware of any misuse of personal information. As a precaution, we have engaged Kroll, Inc. to provide individuals with an offer for complimentary identity monitoring, which provides a number of services, including Credit Monitoring, a Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration.
  • Information Acquired - Name or other personal identifier in combination with: Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account)

Notification and Protection Services

  • Type of Notification: Written
  • Date(s) of consumer notification: 07/10/2023
  • Copy of notice to affected Maine residents: Sample Individual Notice Letter.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: 24 months of Kroll Inc. Complete Identity Monitoring