Pharma giant hit by major cyberattack — Cencora confirms data was stolen

Data leak
(Image credit: Shutterstock/dalebor)

Cencora has confirmed suffering a data breach earlier this month which resulted in the theft of sensitive, personal data.

Cencora is a drug wholesale company and a contract research firm that was previously known as Amerisource Bergen. It was formed in 2001, after the merger of Bergen Brunswig and AmeriSource.

As picked up by BleepingComputer, the company filed an 8-K form with the Securities and Exchange Commission (SEC), in which it listed a few details about the attack.


Reader Offer: Save 61% on NordPass for Business

<a href="https://go.nordpass.io/aff_c?offer_id=754&aff_id=39632&url_id=23176" data-link-merchant="go.nordpass.io"" target="_blank" rel="nofollow">Reader Offer: Save 61% on NordPass for Business<a href="https://go.nordpass.io/aff_c?offer_id=754&aff_id=39632&url_id=23176 &aff_sub=hawk-custom-tracking" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" target="_blank" rel="nofollow">
NordPass provides an easy-to-use and highly secure solution that most businesses will love, according to Techradar editors. <a href="https://go.nordpass.io/aff_c?offer_id=754&aff_id=39632&url_id=23176" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" target="_blank">Plans start at less than $1.79 per user per month - plus get 3 months extra.

Preferred partner (<a href="https://www.techradar.com/news/content-funding-on-techradar" data-link-merchant="techradar.com"" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" target="_blank">What does this mean?) 

No business disruptions

“On February 21, 2024, Cencora learned that data from its information systems had been exfiltrated, some of which may contain personal information,” the filing reads.

“Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.”

The filing further goes to state that the incident has so far had no material impact on Cencora’s operations, and that its IT systems “continue to be operational”. While it’s not explicitly stated, this would suggest that this was not a ransomware attack, but rather “just” information stealing.

“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Cencora concluded in the filing. Last year, Cencora counted some 46,000 employees and brought in $262.2 billion in revenue.

Right now, the company isn’t sharing further details with the media, and is pointing them towards the SEC filing. Therefore, we don’t know if the threat actors reached out to Cencora after the incident with potential ransom demands, who the attackers are, or how they infiltrated the company infrastructure.

In a short statement to BleepingComputer, Cencora confirmed that this attack is in no way connected to the Change Healthcare ransomware attack that happened earlier this month.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.