Breach taxonomy
Summary
On February 21, 2024, Cencora, Inc. discovered that data had been exfiltrated from its information systems, some of which may contain personal information. The company immediately activated containment measures and commenced an investigation with the assistance of law enforcement, cybersecurity experts, and external counsel. Information systems remained operational throughout and no material operational impact was determined as of the filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsData Exfil
Filing explicitly states data from information systems had been exfiltrated — active theft of data.
AssetsPersonal Data
Filing discloses that exfiltrated data may contain personal information from Cencora's information systems.