West Pharmaceutical says hackers stole data, encrypted systems

At a glance:

  • West Pharmaceutical detected a network intrusion on May 4, 2026.
  • Attackers exfiltrated undisclosed data and encrypted critical manufacturing systems.
  • Core enterprise systems have been restored, but the full recovery timeline remains unknown.

What happened

West Pharmaceutical Services disclosed that it fell victim to a material cybersecurity attack that resulted in both data exfiltration and system encryption. The company first detected the compromise on May 4, 2026, and by May 7, 2026 it confirmed that an unauthorized party had stolen data from its network and encrypted certain systems, as noted in a filing with the U.S. Securities and Exchange Commission (SEC).

The filing states that the intrusion prompted an immediate activation of incident‑response protocols, including taking systems offline globally to contain the breach, notifying law‑enforcement agencies, and engaging external cyber‑forensic experts. While the investigation is still ongoing, West Pharmaceutical has not disclosed the exact nature or scope of the stolen data.

Response and remediation

Following the detection, West Pharmaceutical engaged Palo Alto Networks’ Unit 42 along with other external experts and legal counsel to lead containment and recovery efforts. The company reports that it has restored its core enterprise systems that support shipping and manufacturing, allowing a partial restart of production lines. However, a complete restoration of all systems has not yet been achieved, and no timeline for full recovery was provided.

In addition to technical containment, West Pharmaceutical says it has taken “technical and organizational measures” such as proactive shutdown and isolation of affected on‑premise infrastructure, restriction of access to enterprise systems, and continued crisis‑management protocols. The firm also indicated that steps have been taken to mitigate the risk of the exfiltrated data being disseminated, though specific actions were not detailed.

Impact and outlook

West Pharmaceutical Services is a publicly traded S&P 500 company with annual revenues exceeding $3 billion and a workforce of more than 10,800 employees worldwide. The cyberattack disrupted global business operations, affecting shipping, manufacturing, and potentially the supply chain for injectable drug packaging and delivery devices. The company has not provided any estimates regarding the material financial impact of the incident.

No ransomware group has claimed responsibility for the attack at the time of writing. Industry observers note that the lack of a ransom note may indicate a data‑theft‑first motive, but the full ramifications for customers and partners remain to be seen. Stakeholders are advised to monitor forthcoming SEC disclosures and any further updates from West Pharmaceutical regarding the scope of the data that was taken.

Editorial SiliconFeed is an automated feed: facts are checked against sources; copy is normalized and lightly edited for readers.

FAQ

When did West Pharmaceutical first detect the cyber intrusion?
The company detected the intrusion on May 4, 2026, and publicly confirmed the material cybersecurity attack on May 7, 2026.

What actions did West Pharmaceutical take immediately after detection?
It activated incident‑response protocols, took systems offline globally for containment, notified law‑enforcement, engaged external cyber‑forensic experts, and later partnered with Palo Alto Networks’ Unit 42 for containment and recovery.

Has any ransomware group claimed responsibility for the attack?
No ransomware group has taken credit for the attack as of the time of reporting, and the company has not disclosed the specific type of data that was exfiltrated.
