Cyber Incident Victim: Charles River Laboratories International, Inc.
Date: Mar 2019
Location: United States of America
Summary
Charles River Laboratories International experienced unauthorized access to its information systems by a highly sophisticated intruder, resulting in the copying of data belonging to approximately 1% of its clients, primarily biotech and pharmaceutical entities. The compromised data did not include patient information, and there was no evidence of deletion, corruption, or alteration. The company initiated an investigation with federal law enforcement and cybersecurity experts, implemented containment measures, and notified affected clients while enhancing system security to prevent further incidents. No continued unauthorized activity was observed after the breach, though full remediation remained ongoing at the time of disclosure.
Description
In mid-March 2019, Charles River Laboratories International, Inc. detected unusual activity within its information systems, prompting an immediate investigation. The company coordinated with U.S. federal law enforcement and engaged cybersecurity experts to assess the breach. By April 30, 2019, the company disclosed through an SEC filing that an unauthorized intruder had accessed portions of its network, copying data from approximately 1% of its total client base. The attacker was characterized as highly sophisticated and well-resourced, though no specific attribution or motive was provided. Charles River implemented a containment and remediation plan upon detection, asserting it had closed the intruder’s point of entry and observed no further unauthorized activity following initial mitigation. The company began notifying affected clients but did not specify the types of data compromised in its public filings or dedicated incident webpage.

The breach impacted biotech and pharmaceutical clients, with some drug developers’ information copied, according to secondary reports. Charles River stated there was no evidence that accessed client data was deleted, corrupted, or altered but did not clarify whether personally identifiable information (PII) or protected health information (PHI) was involved. A corporate representative later stated the compromised data excluded patient information, though this detail was absent from formal disclosures. Financial impact remained undetermined at the time of reporting, as the company emphasized the affected client percentage did not directly correlate to potential revenue loss. Remediation efforts included enhanced security features and monitoring procedures, though Charles River acknowledged ongoing work to fully secure its systems. The incident concluded with unresolved public questions about which specific data was copied, as the company declined to provide additional details beyond its SEC filing.
