West Pharmaceutical says hackers stole data, encrypted systems

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data theft and system encryption.
The company said it detected a compromise on May 4. An investigation into the incident found that an attacker stole data from the network.
“On May 7, 2026, West Pharmaceutical Services, Inc. decided that […it] experienced a significant cybersecurity attack, where certain data was leaked by an unauthorized party and certain systems were encrypted,” noted West Pharmaceutical Services in a filing with the US Securities and Exchange Commission (SEC).
“Upon receiving access on May 4, 2026, the company quickly implemented its incident response protocols, including taking offline systems around the world for containment purposes, notifying law enforcement, and external cyber-forensic experts.”
An investigation is currently underway to determine the nature and scope of the incident, as well as the type of data the attacker stole.
West Pharmaceutical Services is an American publicly traded pharmaceutical company in the S&P 500, with annual revenues of more than $3 billion and more than 10,800 employees worldwide.
The company specializes in injectable drug packaging, syringe and vial components, containment systems, and drug delivery devices.
The cyberattack and its fallout inevitably disrupted the company’s global business operations.
The company says it has restored its core business systems that support shipping and manufacturing, and production has partially resumed.
A full restoration of all systems has not been achieved, and no timeline for completing this restoration has been provided at this time.
Similarly, the company did not estimate whether the incident will have a major impact on its finances.
It is worth noting that West Pharmaceutical Services said it had taken steps to reduce the risk of classified data being distributed, but did not specify what those steps were.
BleepingComputer has contacted the company for comment on the attack, its impact, and its current incident management plan. A company spokesperson said that incident response and crisis management procedures were activated immediately after the incident was noticed.
“Following the initial discovery of the intrusion on May 4, 2026, West Pharmaceutical Services immediately began implementing a series of technical and organizational measures to contain and mitigate the potential impact. This included active closure and isolation of the affected internal infrastructure for containment purposes, restrictions on access to business systems, and the activation of other events, including an incident management protocol.”
West Pharmaceutical Services also consulted with Palo Alto Networks’ Unit 42 for incident response, containment, and recovery efforts, in collaboration with other outside experts and legal counsel.
No ransomware groups have claimed credit for the West Pharmaceutical Services attack at the time of writing.




