Cencora has confirmed suffering a data breach earlier this month which resulted in the theft of sensitive, personal data.
Cencora is a drug wholesale company and a contract research firm that was previously known as Amerisource Bergen. It was formed in 2001, after the merger of Bergen Brunswig and AmeriSource.
As picked up by BleepingComputer, the company filed an 8K form with the Securities and Exchange Commission (SEC), in which it listed a few details about the attack.
No business disruptions
“On February 21, 2024, Cencora learned that data from its information systems had been exfiltrated, some of which may contain personal information,” the filing reads.
“Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.”
The filing further goes to state that the incident has so far had no material impact on Cencora’s operations, and that its IT systems “continue to be operational”. While it’s not explicitly stated, this would suggest that this was not a ransomware attack, but rather “just” information stealing.
“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Cencora concluded in the filing. Last year, Cencora counted some 46,000 employees and brought in $262.2 billion in revenue.
In a short statement to BleepingComputer, Cencora confirmed that this attack is in no way connected to the Change Healthcare ransomware attack that happened earlier this month.