9,542 Individuals Affected by Inotiv Ransomware Attack and Data Breach

The pharmaceutical research firm Inotiv, based in West Lafayette, Indiana, recently announced a ransomware attack and data breach that resulted in the extraction of sensitive information from its system. Inotiv has approximately 2,000 employees and has a yearly income of more than $510 million. The company offers services in research modelling, drug discovery, and drug development.

Inotiv discovered the ransomware attack on August 8, 2025, when it lost access to certain systems, networks, and data storage, which interrupted some business operations. In its filing with the U.S. Securities and Exchange Commission (SEC) on December 3, 2025, Inotiv reported that access to the impacted networks and systems has been restored and that its internal investigation into the cyberattack is complete.

The investigation revealed that a ransomware group accessed its system from around August 5 to August 8, 2025, and might have acquired certain data. Based on the breach notification submitted to the Maine Attorney General, the breach affected the data of 9,542 individuals, including names, birth dates, addresses, driver’s license numbers/government ID numbers, Social Security numbers, debit/credit card data, health data, and medical insurance details. The incident affected current and former employees of Inotiv and their dependents, as well as those who interacted with the company or with organizations bought by Inotiv.

Ransomware attacks usually entail a ransom demand, but this case did not seem to involve one. Inotiv did not disclose the ransomware group responsible for the attack. Nonetheless, the Qilin ransomware group claimed to have been behind the attack and listed Inotiv on its dark web data leak site in August. Qilin stated that it extracted 176 GB of data during the attack. Qilin is an active ransomware-as-a-service group and has recently targeted medical and pharmaceutical companies. The group was behind the ransomware attack on Synnovis, a UK pathology services provider, which resulted in a blood shortage and triggered massive interruption to business functions.

Inotiv is no longer listed on the Qilin data leak site, which implies the likely payment of a ransom. In the SEC filing, Inotiv stated that the effect of the attack is still under evaluation, so it is not yet clear whether the attack will have any strong impact on its financial status. In compliance with the HIPAA Breach Notification Law, Inotiv sent notification letters to the affected individuals and offered them free credit monitoring and identity theft protection services for 24 months.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone