Pharmaceutical research firm Inotiv has begun notifying thousands of individuals that their personal data was stolen during a ransomware attack in August 2025. The attack, claimed by the Qilin group, resulted in the exfiltration of 176 GB of sensitive data.
Business Impact
This breach highlights the severe “long tail” of ransomware. Months after the initial attack, the company is still grappling with regulatory notifications and reputational damage. The loss of sensitive employee and partner data creates long-term legal liability.
Why It Happened
Qilin targets organizations with high-value intellectual property and sensitive data. They likely exploited a vulnerability to gain access and spent time exfiltrating data for double extortion before being detected.
Recommended Executive Action
Ensure your incident response plan includes specific protocols for “post-breach” activities, including rapid forensic analysis to determine the scope of data loss. Delays in notification (as seen here) often lead to increased regulatory fines.
Hashtags: #DataBreach #Pharma #Ransomware #Qilin #Inotiv #CyberAttack #Privacy #InfoSec