Inotiv Data Breach: 176 GB of Sensitive Data Stolen

On August. 8, 2025, Inotiv disclosed a major data breach in a filing with the Securities and Exchange Commission. The incident was later claimed by the Qilin ransomware group, who posted about the attack on the dark web on Aug. 19, 2025. So far, the cybersecurity incident has impacted at least 9,542 individuals across the U.S, including 880 in Texas and five in Maine, potentially exposing both personally identifiable information (PII) and protected health information (PHI).

According to Qilin, they exfiltrated 176 GB of data from Inotiv’s systems, including 161,967 files. The stolen information reportedly contained personal and protected health data of employees and other individuals involved with Inotiv. The hackers also acquired complete reports on the development and testing of dozens of drugs, which may include sensitive intellectual property and proprietary research data.

The data breach appears to have been carried out through a ransomware attack, with Qilin gaining unauthorized access to Inotiv’s network. According to reports, the cybercriminals made the the stolen data available for purchase on the dark web.

Compromised data of employees and other individuals involved with Inotiv may include names, phone numbers, email addresses, dates of birth, Social Security numbers, driver's license or state ID card information, payment and financial account information, health insurance information and medical information.

The company began notifying affected individuals by mail and reported the data breach to the California, Maine and Texas Attorney Generals' offices beginning on Dec. 2, 2025.

Inotiv's response

After detecting the breach, Inotiv began notifying federal regulators and launched an investigation. The company is also offering a complimentary 24 months of Experian IdentityWorks credit monitoring and identity theft protection services to those impacted.

If you receive notification from Inotiv or your provider about this breach, you may want to:

• Sign up for the free Experian IdentityWorks identity theft protection services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For additional information concerning the cybersecurity incident, impacted individuals may contact 833-918-5956, Monday through Friday, 8 a.m. to 8 p.m., ET.