Charles River Labs hit by 'well-resourced' data thief

Charles River Labs
Charles River Labs has closed the point of entry for the hacker, but still cannot 100% guarantee the breach is over. (Charles River Labs)

Charles River Labs has been hit by “a highly sophisticated, well-resourced intruder” who hacked into 1% of its clients' data.

In an 8-K form posted this week, the CRO said there was “unusual activity” seen coming from its systems in mid-March, leading it to find that “some client data was copied by a highly sophisticated, well-resourced intruder. The number of clients whose data is known to have been copied represents approximately 1% of Charles River’s total number of clients.” 

The company goes on: “The percentage of clients affected does not necessarily equate to the potential revenue or financial impact related to this incident, which the company has yet to determine. There is no indication at this time that any of the client data the company has identified as having been accessed during this incident was deleted, corrupted, or altered. Charles River has taken steps to contact all clients whose data is known to have been copied.”

Featured Webinar

From Concept to Market: Overcoming the Challenges of Manufacturing and Clinical Trials

In this webinar we will reveal the inner workings of the manufacturing and pharmacy department of a CRO/CDMO, so you understand the different regulatory and operational considerations faced by a clinical research pharmacy.

Learn how CRO/CDMOs successfully address operational and regulatory challenges for pharmaceutical and biotechnology clients; and how this can make the difference between study success or failure.

RELATED: Charles River Labs cuts jobs as it closes San Diego site

The CRO says it “continues to move aggressively” to lock down its system from further attacks, but cannot guarantee more data couldn't be leeched. “While Charles River has taken substantial steps to minimize unauthorized access into its information systems, until its ongoing remediation process is complete, the company will be unable to determine that this incident has been entirely remediated," the company said.

It did add, however, that it has “has closed the point of entry employed by the intruder in connection with this incident” and has not seen anything suspicious since. I asked the company whether they knew anything extra about the hacker, their intentions or whether they were part of a larger group, but the company said it would not be adding anything outside of its 8-K.

It’s not been the best spring for Charles River, as just over a month ago it announced it was axing a series of jobs as it closed down a San Diego site.

Before this, things were more positive, as Charles River has been spending, snapping up companies and making deals, including just three months back buying up early-stage CRO Citoxlab.

A month before, it went all-in for British CRO KWS BioTest in a £15 million ($20 million) deal. It’s also penned a new pact with Crown Bioscience for expanded access to the Zucker diabetic Sprague-Dawley rat model.

The company was down 1.4% this morning.

Suggested Articles

The agency also gave the company’s diagnostic, run on the high-throughput Panther Fusion laboratory platform, a green light for pooled testing.

Smith & Nephew has signed up to acquire Integra LifeSciences’ orthopedics business focused on the growing upper and lower extremity markets.

Ironwood had once hyped this drug as a $2 billion-a-year asset, but IW-3718 has failed to live up to its high expectations.