West Pharmaceutical confirms hackers stole data, encrypted systems

Summary
– West Pharmaceutical Services disclosed a material cybersecurity attack on May 7, 2026, involving data exfiltration and system encryption.
– The company detected the intrusion on May 4, 2026, and responded by taking systems offline globally, notifying law enforcement, and engaging external cyber-forensic experts.
– The attack disrupted global business operations, but core enterprise systems supporting shipping and manufacturing have been restored, with manufacturing partially restarted.
– West Pharmaceutical Services has not provided a timeline for full system restoration or an estimate of the incident’s financial impact.
– The company engaged Palo Alto Networks’ Unit 42 for incident response, and no ransomware group has claimed responsibility for the attack.
West Pharmaceutical Services has confirmed that a cyberattack earlier this month led to both data exfiltration and system encryption, marking a significant security incident for the major pharmaceutical manufacturer.
The company first detected the compromise on May 4. According to a filing with the U.S. Securities and Exchange Commission (SEC), West Pharmaceutical determined by May 7 that it had experienced a material cybersecurity attack involving unauthorized access and data theft, along with the encryption of certain systems.
“Upon initial detection of an intrusion on May 4, 2026, the company promptly activated its incident response protocols, including proactively taking systems offline globally for containment purposes, notifying law enforcement, and engaging external cyber-forensic experts,” the filing states.
An ongoing investigation aims to clarify the full scope of the breach and the specific types of data stolen.
West Pharmaceutical Services is a publicly traded S&P 500 company with annual revenues exceeding $3 billion and a global workforce of more than 10,800 employees. The firm specializes in injectable drug packaging, syringe and vial components, containment systems, and drug delivery devices.
The attack inevitably disrupted global business operations. The company reports that core enterprise systems supporting shipping and manufacturing have been restored, and manufacturing has partially restarted. However, complete system restoration has not yet been achieved, and no timeline for finalizing this process has been provided.
Financial impact estimates have also not been disclosed. The company says it has taken steps to mitigate the risk of the exfiltrated data being disseminated, but it has not specified what those measures entail.
BleepingComputer reached out to West Pharmaceutical for further comment. A company spokesperson confirmed that after detecting the intrusion, incident response and crisis management protocols were activated.
“Following initial detection of an intrusion on May 4, 2026, West Pharmaceutical Services promptly implemented a series of technical and organizational measures to contain and mitigate the potential impact. This included the proactive shutdown and isolation of affected on-premise infrastructure for containment purposes, restriction of access to enterprise systems, and activation of further incident response and crisis management protocols, including notifying law enforcement,” the spokesperson said.
The company has engaged Palo Alto Networks’ Unit 42 for incident response, containment, and recovery, working alongside other external experts and legal counsel.
As of now, no ransomware group has claimed responsibility for the attack.
(Source: BleepingComputer)




