- Charles River Laboratories on Tuesday offered up a few more details about a cybersecurity breach disclosed last week, updating investors as the laboratory services company reporting first quarter earnings.
- Costs to address the breach likely won't be material and won't cause the company to adjust its financial guidance for 2019, Charles River executives told investors on a May 7 conference call.
- The attack didn't disrupt the company's operations and only affected about 1% of clients, who have all been notified, Charles River said.
As cyber invasions go, Charles River may have gotten off lightly.
A 2017 attack on Merck & Co. led to worldwide disruptions including unfilled orders that cost the giant drugmaker $260 million in lost sales that year. Like most industries, pharmaceutical companies are becoming increasingly reliant on computer networks and sophisticated software.
Insurance will cover part of the costs for Charles River, according to the company's executive vice president and chief financial officer, David Smith. While it's still early, the company doesn't expect the incident to be a "major drag" on financial performance, Smith told investors on the conference call.
Charles River was attacked by "very sophisticated, well-resourced intruders" who have targeted other organizations as well, the company said in an online Q&A. The company said it closed off the known access point for the hackers and is working with law enforcement and security experts to protect its systems.
The incident didn't involve malware or ransomware, Charles River said in its earnings presentation accompanying the conference call. The company also said it is confident that no data was deleted, altered or corrupted.
Charles River may have benefited from a quicker-than-usual detection of the cybersecurity breach. The company first noted unusual activity in mid-March and contacted law enforcement, eventually learning that some client data had been copied.
By April 30, all the affected clients had been contacted and most were understanding, with some offering their own expertise to help address the incident, Charles River Chairman and Chief Executive Officer James Foster said on the conference call.
"We're feeling not good about the incident but really good about our response time and how clients have taken the information we provided them," Foster said.
Investors may not be so sure. Shares in Charles River fell 2% on disclosure of the breach and have slid further still following the company's earnings report.