"On May 7, 2026, West Pharmaceutical Services, Inc. determined that [...it] has experienced a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted," West Pharmaceutical Services notes in a filing with the U.S. Securities and Exchange Commission (SEC).
Timeline: detection on May 4, material determination on May 7
West Pharmaceutical Services detected an intrusion on May 4, 2026, and says it reached a formal determination of a "material cybersecurity attack" on May 7, 2026, in an SEC filing. The company says an investigation is underway to determine the exact nature and scope of the incident and the specific types of data removed from its network.
What was taken and what was affected
According to the company, an unauthorized party stole data from the network and encrypted certain systems. West Pharmaceutical Services says it has taken steps to mitigate the risk that the exfiltrated data will be disseminated, but the firm has not specified what those mitigation steps are. At the time of reporting, no ransomware groups had claimed responsibility for the attack.
Operational impact and recovery status
The attack "inevitably disrupted the company’s global business operations," the company acknowledged. West Pharmaceutical Services reported that it has restored its core enterprise systems that support shipping and manufacturing operations and that manufacturing has been partially restarted. It also made clear that complete restoration of all systems had not yet been achieved and that no timeline for finalizing restoration was being provided. The company likewise has not provided any estimate of the incident’s material impact on its financial results.
Incident response: containment, external experts, and law enforcement
Upon initial detection, the company says it "promptly activated its incident response protocols," which included proactively taking systems offline globally for containment, notifying law enforcement, and engaging external cyber‑forensic experts. In comments to BleepingComputer, a company spokesperson detailed measures taken "to contain and mitigate the potential impact," including the "proactive shutdown and isolation of affected on‑premise infrastructure," restrictions on enterprise access, and wider crisis‑management steps.
West Pharmaceutical Services engaged Palo Alto Networks’ Unit 42 for incident response, containment, and recovery efforts, and said it is coordinating with other external experts and legal counsel as the investigation continues.
How technologists, regulators, and customers are likely to respond
- Technologists and security teams: Expect intensive forensic work to identify the attack vector, the scope of exfiltration, and the remaining encryption cleanup. The company has already engaged external cyber‑forensic experts and has taken affected on‑premise infrastructure offline.
- Regulators and investors: West Pharmaceutical made a formal disclosure to the SEC and described the event as "material," which will shape regulatory reporting and investor communications while the company declines to estimate financial impact.
- Customers and supply‑chain partners: With manufacturing only partially restarted and core enterprise systems restored but not fully online, customers that depend on West Pharmaceutical’s injectable packaging and delivery‑device components will be monitoring recovery progress and any supply disruptions.
West Pharmaceutical Services is a publicly traded S&P 500 manufacturer with annual revenues exceeding $3 billion and more than 10,800 employees worldwide. The company specializes in injectable drug packaging, syringe and vial components, containment systems, and drug delivery devices.
The central facts are straightforward: intrusion detected May 4, material determination May 7, data taken and systems encrypted, containment actions taken and external experts engaged, partial restoration underway, and an active investigation continuing. The key unanswered operational items — the precise nature of the stolen data, the full scope of system impact, the final restoration timeline, and any financial consequences — remain to be established by the ongoing investigation and by the company’s further disclosures.
Original reporting: BleepingComputer — West Pharmaceutical says hackers stole data, encrypted systems
