An example of how to communicate a breach. It ticks the ‘This is what happened/This is what we’re doing about it/This is how it might affect you/This is what happens next’ boxes. There’s a bit of marketing-speak in here though. I wonder who the “world class cyber security experts” are?…:
As communicated in an ad hoc press release on Monday June 3rd, during the weekend of 1st/2nd June, Eurofins Scientific (EUFI.PA) was affected by a ransomware attack which caused disruption to many of its IT systems in several countries. Eurofins IT staff and their internal and external IT security teams and experts took prompt actions to contain the incident, mitigate its impact and have been working nonstop to return the IT operations to normal in the companies of the Group that have been affected. As Eurofins IT teams reacted promptly many of the Group’s companies were able to continue operating without impacting customers. Moreover, from Tuesday, 4th June we were able to resume full or partial operations for a number of impacted companies and continue to do so every day.
Eurofins companies have alerted and are cooperating with law enforcement agencies and renowned IT forensics and security companies in the investigation of this matter. The ransomware involved appears to have been a new malware variant which was initially non-detectable by the anti-malware screen of our leading global IT security services provider at the time of the attack and required an updated version made available only hours into the attack. The facts pattern of this attack as well as information from law enforcement and independent cybersecurity experts lead us to believe that this attack has been carried out by highly sophisticated well-resourced perpetrators. Forensics investigations are ongoing but we have identified the variant of the malware used and it is now being recognised and when detected neutralized by our IT security solutions as updated with the versions released on Sunday June 2nd.
Additional security tools we are deploying since then as well as the world class cyber security experts who are supporting us are and will be providing additional protection and monitoring. We are continuing to work intensively with leading cybersecurity experts to further secure our current systems and infrastructure and to add enhanced security features and measures to protect our systems and data.
The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data. The security of our client data and of all our IT systems is of the utmost importance to Eurofins. Eurofins companies remain committed to making significant investments in the continuous improvement of the security of their IT systems.
From the onset of this attack and at this stage, the priority remains to ensure that the systems used by our companies are free of the malware and that updated and additional security tools have been installed on all our devices and servers. We can then aim to reconnect one by one the remaining sites and companies that are not yet online and if required activate failover systems or restore systems and resume operations.
Eurofins profoundly apologises to the customers of those of its laboratories and sites that have been impacted by the consequences of this sophisticated attack. In as much as possible the companies concerned have been in communication with affected customers and shared further information as needed and available. One week after the attack, substantial progress has been made to put our systems back on line and we continue to put all our efforts to get things back to normal as soon as possible.
In spite of sometimes significant obstacles, the staff in our affected laboratories has been finding countless ways of working to ensure the full or partial continuity of our business and to minimise the impact of this ransomware attack on their customers. The impact of this attack on our financial results may unfortunately be material but at this point, it is still too early to evaluate the net potential financial impact of this incident on our operations as well as the proportion of revenue losses that will be mitigated by reimbursement from our insurers. It is also too early to evaluate what proportion of the lost work days in the affected companies can be caught back over the next few days and weeks, including through additional shifts and weekend work. For the above reasons and as many of the affected sites were only partially impacted and their restart to full productivity can happen progressively over time, at this time it is not possible to provide reliable consolidated information as to the proportion of revenues that has been and will be affected as a result of this incident. The focus of our teams in the companies that were affected is to get operations fully up and running again, and delivering the quality and speed of service our customers are used to get from their Eurofins laboratory, and that they deserve. We will provide an update on the financial impact of this attack as part of our half-year report publication at the end of August.