Charles River Labs has been hit by “a highly sophisticated, well-resourced intruder” who hacked into 1% of its clients' data.
In an 8-K form posted this week, the CRO said there was “unusual activity” seen coming from its systems in mid-March, leading it to find that “some client data was copied by a highly sophisticated, well-resourced intruder. The number of clients whose data is known to have been copied represents approximately 1% of Charles River’s total number of clients.”
The company goes on: “The percentage of clients affected does not necessarily equate to the potential revenue or financial impact related to this incident, which the company has yet to determine. There is no indication at this time that any of the client data the company has identified as having been accessed during this incident was deleted, corrupted, or altered. Charles River has taken steps to contact all clients whose data is known to have been copied.”
The CRO says it “continues to move aggressively” to lock down its system from further attacks, but cannot guarantee more data couldn't be leeched. “While Charles River has taken substantial steps to minimize unauthorized access into its information systems, until its ongoing remediation process is complete, the company will be unable to determine that this incident has been entirely remediated," the company said.
It did add, however, that it has “has closed the point of entry employed by the intruder in connection with this incident” and has not seen anything suspicious since. I asked the company whether they knew anything extra about the hacker, their intentions or whether they were part of a larger group, but the company said it would not be adding anything outside of its 8-K.
It’s not been the best spring for Charles River, as just over a month ago it announced it was axing a series of jobs as it closed down a San Diego site.
Before this, things were more positive, as Charles River has been spending, snapping up companies and making deals, including just three months back buying up early-stage CRO Citoxlab.
A month before, it went all-in for British CRO KWS BioTest in a £15 million ($20 million) deal. It’s also penned a new pact with Crown Bioscience for expanded access to the Zucker diabetic Sprague-Dawley rat model.
The company was down 1.4% this morning.