DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Charles River Laboratories discloses a breach, but details are lacking

Posted on May 1, 2019 by Dissent

From their SEC filing:

On April 30, 2019, Charles River Laboratories International, Inc. (the “Company” or “Registrant”) notified clients of unauthorized access into portions of its information systems.  Promptly upon detection of unusual activity in its information systems in mid-March, the Company commenced an investigation into this incident, coordinated with U.S. federal law enforcement, and engaged leading cybersecurity experts.  Charles River also began to promptly implement a comprehensive containment and remediation plan.

While the investigation is ongoing, the Company has recently determined that some client data was copied by a highly sophisticated, well-resourced intruder.  The number of clients whose data is known to have been copied represents approximately 1% of Charles River’s total number of clients.  The percentage of clients affected does not necessarily equate to the potential revenue or financial impact related to this incident, which the Company has yet to determine.  There is no indication at this time that any of the client data the Company has identified as having been accessed during this incident was deleted, corrupted, or altered. Charles River has taken steps to contact all clients whose data is known to have been copied.

The Company continues to move aggressively to further secure its information systems, which includes adding enhanced security features and monitoring procedures to further protect its client data. While Charles River has taken substantial steps to minimize unauthorized access into its information systems, until its ongoing remediation process is complete, the Company will be unable to determine that this incident has been entirely remediated. However, Charles River believes it has closed the point of entry employed by the intruder in connection with this incident.  The Company has not observed any further indications of continued unauthorized activity in its information systems.

For information on this incident, please visit a dedicated website at www.criver.com/cybersecurity. Information set forth on that website is not incorporated herein by reference.

They never say what kinds of client data were compromised. Boston Business Journal reports that it was biotech and pharma clients who were affected and some drug developers’ data was copied, but it’s not clear whether there is any PII or PHI involved. Not even in their more extensive document with FAQ does Charles River identify data types. How odd. DataBreaches.net has emailed them to inquire.

Update: Amy Cianciaruso. Corporate Vice President, Public Relations & Corporate Communications for Charles River responded to this site’s emailed inquiries, stating, “At this time, we are only providing the information available in the 8K.”  She did not answer this site’s questions but did tell another site that the data would not have included patient data. Read more on MedCity News.

Category: Business SectorU.S.

Post navigation

← TalkTalk hacker Daniel Kelley became ‘ruthless’ cyber criminal after being rejected from college computer course
Seattle University laptop containing 2,000 Social Security numbers lost →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.