The pharmaceutical research company Inotiv has confirmed that a cyberattack in August exposed some of its data to hackers.
“While we have identified the likely scope of the incident, the full operational and financial impacts are still being evaluated,” West Lafayette, Ind.–based Inotiv said in a filing with the Securities and Exchange Commission on Dec. 3.
Because the evaluation remains ongoing, Inotiv said it has not determined if the incident will have a material impact on its finances.
Inotiv said in late August that it was investigating an attack that occurred a few weeks earlier. At the time, the Qilin ransomware gang claimed credit for the intrusion.
In its SEC filing, Inotiv said the attack occurred between Aug. 5 and Aug. 8, prompting the company to take its systems offline while it remediated the breach. “We have restored availability and access to our networks and systems,” the company said in the filing, adding that it was “in the process of providing notifications regarding the 2025 Cybersecurity Incident in accordance with applicable legal obligations.”
In a required notice filed with the office of Maine’s attorney general, Inotiv said the hack affected roughly 9,500 people. The stolen data pertained to current and former employees, those employees’ family members and “other individuals who have interacted with Inotiv or companies it has acquired,” according to a letter that Inotiv is sending to affected individuals.
In claiming credit for hacking Inotiv in August, Qilin said it had stolen nearly 200 GB of data from the company. Inotiv did not respond to a request for comment.