Update on the cyber-attack announced on June 3, 2019
Monday, June 10, 2019
As communicated in an ad hoc press release on Monday June 3rd, during the weekend of 1st/2nd June, Eurofins Scientific (EUFI.PA) was affected by a ransomware attack which caused disruption to many of its IT systems in several countries. Eurofins IT staff and their internal and external IT security teams and experts took prompt actions to contain the incident, mitigate its impact and have been working nonstop to return the IT operations to normal in the companies of the Group that have been affected. As Eurofins IT teams reacted promptly many of the Group’s companies were able to continue operating without impacting customers. Moreover, from Tuesday, 4th June we were able to resume full or partial operations for a number of impacted companies and continue to do so every day.
Eurofins companies have alerted and are cooperating with law enforcement agencies and renowned IT forensics and security companies in the investigation of this matter. The ransomware involved appears to have been a new malware variant which was initially non-detectable by the anti-malware screen of our leading global IT security services provider at the time of the attack and required an updated version made available only hours into the attack. The facts pattern of this attack as well as information from law enforcement and independent cybersecurity experts lead us to believe that this attack has been carried out by highly sophisticated well-resourced perpetrators. Forensics investigations are ongoing but we have identified the variant of the malware used and it is now being recognised and when detected neutralized by our IT security solutions as updated with the versions released on Sunday June 2nd.
Additional security tools we are deploying since then as well as the world class cyber security experts who are supporting us are and will be providing additional protection and monitoring. We are continuing to work intensively with leading cybersecurity experts to further secure our current systems and infrastructure and to add enhanced security features and measures to protect our systems and data.
The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data. The security of our client data and of all our IT systems is of the utmost importance to Eurofins. Eurofins companies remain committed to making significant investments in the continuous improvement of the security of their IT systems.
From the onset of this attack and at this stage, the priority remains to ensure that the systems used by our companies are free of the malware and that updated and additional security tools have been installed on all our devices and servers. We can then aim to reconnect one by one the remaining sites and companies that are not yet online and if required activate failover systems or restore systems and resume operations.
Eurofins profoundly apologises to the customers of those of its laboratories and sites that have been impacted by the consequences of this sophisticated attack. In as much as possible the companies concerned have been in communication with affected customers and shared further information as needed and available. One week after the attack, substantial progress has been made to put our systems back on line and we continue to put all our efforts to get things back to normal as soon as possible.
In spite of sometimes significant obstacles, the staff in our affected laboratories has been finding countless ways of working to ensure the full or partial continuity of our business and to minimise the impact of this ransomware attack on their customers. The impact of this attack on our financial results may unfortunately be material but at this point, it is still too early to evaluate the net potential financial impact of this incident on our operations as well as the proportion of revenue losses that will be mitigated by reimbursement from our insurers. It is also too early to evaluate what proportion of the lost work days in the affected companies can be caught back over the next few days and weeks, including through additional shifts and weekend work. For the above reasons and as many of the affected sites were only partially impacted and their restart to full productivity can happen progressively over time, at this time it is not possible to provide reliable consolidated information as to the proportion of revenues that has been and will be affected as a result of this incident. The focus of our teams in the companies that were affected is to get operations fully up and running again, and delivering the quality and speed of service our customers are used to get from their Eurofins laboratory, and that they deserve. We will provide an update on the financial impact of this attack as part of our half-year report publication at the end of August.
For more information, please visit www.eurofins.com or contact:
Phone: +32 2 766 1620
Notes for the editor:
Eurofins – a global leader in bio-analysis
Eurofins Scientific through its subsidiaries (hereinafter sometimes “Eurofins” or “the Group”) believes it is a scientific leader in food, environment, pharmaceutical and cosmetics products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, CDMO, advanced material sciences and for supporting clinical studies. In addition, Eurofins is one of the leading global emerging players in specialty clinical diagnostic testing. With about 45,000 staff in more than 800 laboratories across 47 countries, Eurofins offers a portfolio of over 200,000 analytical methods for evaluating the safety, identity, composition, authenticity, origin and purity of biological substances and products, as well as for innovative clinical diagnostic. The Group objective is to provide its customers with high-quality services, accurate results on time and expert advice by its highly qualified staff.
Eurofins is committed to pursuing its dynamic growth strategy by expanding both its technology portfolio and its geographic reach. Through R&D and acquisitions, the Group draws on the latest developments in the field of biotechnology and analytical chemistry to offer its clients unique analytical solutions and the most comprehensive range of testing methods.
As one of the most innovative and quality oriented international players in its industry, Eurofins is ideally positioned to support its clients’ increasingly stringent quality and safety standards and the expanding demands of regulatory authorities around the world.
The shares of Eurofins Scientific are listed on the Euronext Paris Stock Exchange (ISIN FR0000038259, Reuters EUFI.PA, Bloomberg ERF FP).
This press release contains forward-looking statements and estimates that involve risks and uncertainties. The forward-looking statements and estimates contained herein represent the judgment of Eurofins Scientific’s management as of the date of this release. These forward-looking statements are not guarantees for future performance, and the forward-looking events discussed in this release may not occur. Eurofins Scientific disclaims any intent or obligation to update any of these forward-looking statements and estimates. All statements and estimates are made based on the information available to the Company’s management as of the date of publication, but no guarantee can be made as to their validity.