
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption.
The company said that it detected a compromise on May 4th. An investigation into the incident determined that the attacker stole data from the network.
“On May 7, 2026, West Pharmaceutical Services, Inc. determined that […it] has experienced a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted,” West Pharmaceutical Services notes in a filing with the U.S. Securities and Exchange Commission (SEC).
“Upon initial detection of an intrusion on May 4, 2026, the company promptly activated its incident response protocols, including proactively taking systems offline globally for containment purposes, notifying law enforcement, and engaging external cyber-forensic experts.”
An investigation is currently underway to determine the exact nature and scope of the incident, and the type of data the attacker stole.
West Pharmaceutical Services is a publicly traded, S&P 500 American pharmaceutical manufacturing company with annual revenues exceeding $3 billion and more than 10,800 employees globally.
The company specializes in injectable drug packaging, syringe and vial components, containment systems, and drug delivery devices.
The cyberattack triggered a response that inevitably disrupted the company’s global business operations.
The firm says it has restored its core enterprise systems that support shipping and manufacturing operations, and manufacturing has been partially restarted.
Complete restoration of all systems has not yet been achieved, and the company has not provided a timeline for finishing it.
Similarly, the company has not made any estimates about the incident’s material impact on its financials.
It’s worth noting that West Pharmaceutical Services stated that it has taken steps to mitigate the risk of the dissemination of the exfiltrated data, but hasn’t specified exactly what those steps are.
BleepingComputer has contacted the firm with a request for comments about the attack, its impact, and its current incident management plan. A company spokesperson said that immediately after detecting the intrusion, incident response and crisis management protocols were activated.
“Following initial detection of an intrusion on May 4, 2026, West Pharmaceutical Services promptly implemented a series of technical and organizational measures to contain and mitigate the potential impact. This included the proactive shutdown and isolation of affected on-premise infrastructure for containment purposes, restriction of access to enterprise systems, and activation of further incident response and crisis management protocols, including notifying law enforcement.”
West Pharmaceutical Services also engaged Palo Alto Networks’ Unit 42 for incident response, containment, and recovery efforts, in coordination with other external experts and legal counsel.
No ransomware groups have taken credit for the attack on West Pharmaceutical Services at the time of writing.
