West Pharma Cyberattack: Data Stolen, Systems Encrypted

West Pharmaceutical Services, a $3 billion S&P 500 drug‑packaging firm, disclosed on May 13, 2026 that it was hit by a material cyberattack. The company detected the intrusion on May 4, 2026, and immediately activated its incident‑response plan, isolating affected on‑premise servers and notifying law enforcement. Forensic investigators from Palo Alto Networks’ Unit 42 were engaged to contain the breach and determine the scope of the compromise.

The attackers exfiltrated an undisclosed amount of corporate data and encrypted a number of critical systems, forcing West Pharma to take its global infrastructure offline. The encryption of systems is consistent with a ransomware payload, though the company has not confirmed the presence of ransomware. Business operations were severely disrupted; shipping and manufacturing were halted, and only partial restoration of core enterprise systems had been achieved as of the filing. A timeline for full recovery has not been released, and the financial impact remains undetermined.

West Pharma said it has taken steps to mitigate the risk of the exfiltrated data being disseminated, but did not elaborate on the specific controls. Security teams recommend that organizations in the pharmaceutical sector verify the integrity of their remote‑access pathways and monitor for anomalous data flows. Users can check if their corporate email addresses have been exposed in similar breaches using the email breach checker, and ensure that any SSL/TLS certificates protecting sensitive endpoints are properly configured with the SSL/TLS checker. Additionally, verifying that VPN and proxy services are not leaking internal DNS queries via the DNS leak test can help prevent credential harvesting attacks.