Charles River Labs Hit by Hackers, Some Client Data Compromised

hacker sitting at computer with binary code laying over top

Charles River Laboratories is the latest company to be hit by hackers.

The company disclosed the data breach in a filing with the U.S. Securities and Exchange Commission on Tuesday. The hacking occurred in March and the company said the data of about 1 percent of its total number of clients was compromised.

“While the investigation is ongoing, the Company has recently determined that some client data was copied by a highly sophisticated, well-resourced intruder,” the company said in its filing.

In its filing, Charles River said the percentage of clients who were affected by the data breach “does not necessarily equate to the potential revenue or financial impact related to this incident, which the company has yet to determine.” Charles River said as of this time, there is no indication that any of the client data that was determined to have been accessed was deleted, corrupted or altered. Charles River said it has notified all clients whose data was known to have been copied and compromised.

The hacking was first discovered in mid-March, Charles River disclosed. Upon discovery, the company coordinated an investigation with U.S. authorities and cybersecurity experts. Charles River Labs notified clients on April 30, the company said in its filing.

Charles River said it will aggressively move to further secure its information systems. The company will add enhanced security features and monitoring procedures to further protect its client data.

Click to sign up for newsletters

While Charles River has taken substantial steps to minimize unauthorized access into its information systems, the company said that until the ongoing remediation process is complete, it will be unable to determine whether or not the hacking incident has been entirely remediated.

“However, Charles River believes it has closed the point of entry employed by the intruder in connection with this incident. The company has not observed any further indications of continued unauthorized activity in its information systems,” Charles River said in its filing.

Last year, the federal National Counterintelligence and Security Center (NCSC) pegged biotechnology as a rich target for foreign hackers. According to the report, “biomaterials, biopharmaceuticals and new vaccines and drugs as of particular interest” to foreign hackers. Additionally, the government report said hackers are interested in garnering information on advanced medical devices, infectious disease treatment and genetically modified organisms.

“The United States remains a global center for research, development, and innovation across multiple high-technology sectors. Federal research institutions, universities, and corporations are regularly targeted by online actors seeking all manner of proprietary information and the overall long-term trend remains worrisome,” the NCSC report said.

In 2017, pharma giant Merck was the target of an attack. Merck & Co., among other companies, was targeted by a malware attack that was believed to have originated in Ukraine. The malware strain, known as NotPetya, is a type of ransomware, and it shut down computer systems and sought to extort funds from companies in order to release those compromised systems. When Merck was hit by the malware, the company said the event forced it to halt production, which hurt profits. It was enough to prompt federal lawmakers to take action after they feared drug shortages.

Back to news