Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Inotiv, Inc. Unknown (2025) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

Inotiv, Inc. · NOTV

Health CareUSAIncident August 8, 2025Filed August 8, 2025

Impact score

Business continuity

Partial

Insurance involved

Not disclosed

Filing

8-K · 8.01

Breach taxonomy

UnknownRansomwareRevenue ProcessConfidential BizBiz Interruption

Summary

On August 8, 2025, Inotiv, Inc. identified a cybersecurity incident in which a threat actor gained unauthorized access to and encrypted certain systems. The company activated its business continuity strategy, transitioned operations to offline alternatives, engaged cybersecurity specialists, and notified law enforcement. Internal data storage and business applications were impacted; full restoration timeline was unknown as of filing. Filed under Item 8.01; materiality not yet determined as of filing date.

Tagging rationale

ThreatUnknown

Filing refers only to a generic 'threat actor' with no attribution to a specific category → UNKNOWN.

MethodsRansomware

Filing states 'a threat actor gained unauthorized access to, and encrypted certain of, the Company's systems' → RANSOMWARE.

Assets

Revenue Process

Confidential Biz

Encrypted systems impacted internal data storage and business applications disrupting company operations; filing mentions possible data access by threat actor → REVENUE-PROCESS + CONFIDENTIAL-BIZ.

EffectsBiz Interruption

Filing states the incident 'has caused, and is expected to continue to cause, disruptions to certain business operations' with availability of systems impacted → BIZ-INTERRUPTION.

Business continuityPartial

Company initiated its business continuity strategy and transitioned certain operations to offline alternatives, but full restoration timeline remains unknown → Partial.

Impact

Ransomware encrypted systems at a contract research organization, disrupting operations; small-to-mid cap company with no quantified financial impact or data exposure confirmed → score 2.

InsuranceNot disclosed

Filing makes no mention of insurance → null.

Read the original SEC filing excerpt

Item 8.01. Other Events. On August 8, 2025, Inotiv, Inc. (the Company) became aware of a cybersecurity incident affecting certain of its systems and data. The Company's preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company's systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems. The Company has also notified law enforcement. The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations of the Company. The incident has temporarily impacted the availability of and access to certain of the Company's networks and systems, including access to portions of internal data storage and certain internal business applications. The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business. While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Health Care

Unknown · May 4, 2026

West Pharmaceutical Services, Inc.

West Pharmaceutical Services detected a network intrusion on May 4, 2026 and on May 7, 2026 determined it to be a material cybersecurity inc…

Unknown · April 1, 2026

Medtronic plc

Medtronic disclosed via a Reg FD (Item 7.01) press release dated April 24, 2026 that an unauthorized party accessed data in certain corporat…

Unknown · March 16, 2026

CareCloud, Inc.

On March 16, 2026, CareCloud experienced a network disruption in its CareCloud Health division caused by an unauthorized third party that te…

Unknown · March 11, 2026

Stryker Corporation

On March 11, 2026, Stryker Corporation identified a cybersecurity incident affecting its Entra ID/Active Directory environment, servers, and…