The ransomware attack against Inotiv was detected on August 8, 2025, when the company experienced a disruption to some of its business operations due to blocked access to certain networks, systems, and data storage. In a subsequent filing with the U.S. Securities and Exchange Commission on December 3, 2025, Inotiv confirmed that it had successfully restored access to all affected systems and networks.
The internal investigation into the incident concluded that a ransomware group had maintained access to the company’s network for approximately three days, from August 5 to August 8, 2025. It was during this period that the group may have acquired certain data.
A breach notice filed with the Maine Attorney General specified that the sensitive personal information of 9,542 individuals was compromised in the attack. The data involved included names, addresses, dates of birth, Social Security numbers, driver’s license numbers or other government ID numbers, credit or debit card information, medical information, and health insurance information. The affected individuals include the company’s current and former employees, their dependents, and other individuals who had prior interactions with Inotiv or companies it had acquired.
Although Inotiv did not mention a ransom demand or disclose the identity of the attackers, the Qilin ransomware group claimed responsibility for the attack. Qilin added Inotiv to its dark web data leak site in mid-August and claimed to have stolen 176 GB of data. Qilin is a currently active ransomware-as-a-service group known for targeting organizations in the healthcare and pharmaceutical sectors, including a highly disruptive attack on the UK pathology services provider Synnovis.
Reference:
