Breach taxonomy
Summary
On February 21, 2024, Cencora, Inc. discovered that data had been exfiltrated from its information systems, some of which may contain personal information. The company immediately activated containment measures and commenced an investigation with the assistance of law enforcement, cybersecurity experts, and external counsel. Information systems remained operational throughout and no material operational impact was determined as of the filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsData Exfil
Filing explicitly states data from information systems had been exfiltrated — active theft of data.
AssetsPersonal Data
Filing discloses that exfiltrated data may contain personal information from Cencora's information systems.
EffectsInfo Privacy Loss
Data exfiltration with potential personal information exposure; no operational disruption mentioned and systems remained operational.
Impact
Data exfiltration from a major pharmaceutical distributor with potential personal information exposure; no operational impact and scope of exfiltration not yet determined at filing.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On February 21, 2024, Cencora, Inc. learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel. As of the date of this filing, the incident has not had a material impact on the Company's operations, and its information systems continue to be operational. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company's financial condition or results of operations.