Inotiv Provides Notice Regarding Cybersecurity Incident

Rhea-AI Summary

Inotiv (NASDAQ: NOTV) disclosed a cybersecurity incident detected August 5, 2025, with unauthorized access occurring approximately August 5–8, 2025. The company said certain data may have been acquired, including sensitive personal information, and it notified affected individuals, regulators, and U.S. law enforcement.

Inotiv offered complimentary credit monitoring, launched an external investigation, and said it has taken steps to contain the incident and enhance security.

Positive

• Detected unusual activity promptly on August 5, 2025
• Launched external cybersecurity investigation with specialists
• Notified regulators and U.S. law enforcement
• Offered complimentary credit monitoring to affected individuals

Negative

• Unauthorized access occurred approximately August 5–8, 2025
• Personal data potentially acquired including SSNs and medical information
• Affected records include current/former employees, family members, and others
• Limited contact information required substitute website notice for some individuals

Key Figures

Incident detection date: August 5, 2025 Incident determination date: August 8, 2025 Incident window: August 5–8, 2025 +4 more

7 metrics

Incident detection date August 5, 2025 Date unusual system activity was first detected

Incident determination date August 8, 2025 Date activity was determined to be unauthorized

Incident window August 5–8, 2025 Period during which threat actor accessed systems

US contact phone (833) 918-5956 Toll-free support number for U.S. residents

Non-US contact phone (214) 393-3323 Support number for individuals outside the U.S.

Support hours 8 am–8 pm Central Time Monday–Friday, excluding major U.S. holidays

Engagement number B158971 Reference number requested for inquiries

Market Reality Check

Price: $0.2848 Vol: Volume 668,280 is about 1...

high vol

$0.2848 Last Close

Volume Volume 668,280 is about 1.7x the 20-day average of 393,095, indicating elevated trading interest ahead of and around the breach notice. high

Technical Shares at $0.2848 are trading below the 200-day MA of $1.46 and sit close to the $0.29 52-week low, far from the $4.51 52-week high.

Peers on Argus

NOTV fell 7.58% while peers were mixed: PRPO up 5.36%, BDSX up 6.13%, ISPC down ...

2 Up 1 Down

NOTV fell 7.58% while peers were mixed: PRPO up 5.36%, BDSX up 6.13%, ISPC down 8.18%, PRPH and ADVB modestly lower. Momentum data show some peers like ISPC and XWEL moving up, others like BNR down, reinforcing a stock-specific reaction to NOTV’s cybersecurity disclosure.

Historical Context

5 past events · Latest: Feb 09 (Negative)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Feb 09	Q1 2026 earnings	Negative	-13.6%	Flat revenue but larger losses and limited cash prompted a sharp selloff.
Feb 04	Earnings call notice	Neutral	-6.8%	Scheduling announcement for upcoming Q1 FY2026 results and conference call.
Jan 13	Platform collaboration	Positive	-3.3%	LifeNet TruVivo® integration to enhance translational drug discovery capabilities.
Dec 11	AI partnership	Positive	-4.5%	VUGENE AI/ML bioinformatics partnership to boost data-driven drug discovery.
Dec 03	Q4/FY2025 earnings	Positive	+8.1%	Revenue growth and narrowed operating loss alongside disclosure of 2025 cyber incident.

Pattern Detected

Stock often sells off on both operational updates and partnerships; positive Q4/FY2025 earnings were a recent exception with a rebound.

Recent Company History

Over the past few months, NOTV has reported mixed fundamentals and strategic updates. Q4 FY2025 results on Dec 3, 2025 showed revenue growth and improved operating losses, and the stock rose 8.13%, even as management disclosed an August 2025 cybersecurity incident. Subsequent AI and platform collaborations in December and January drew negative price reactions despite positive strategic framing. Early February Q1 FY2026 earnings on Feb 9, 2026 brought flat revenue but sizable losses, with shares dropping 13.63%. Today’s detailed breach notice fits into a backdrop of operational strain and prior cyber disclosures.

Regulatory & Risk Context

Active S-3 Shelf

Shelf Active

Active S-3 Shelf Registration 2025-08-29

An effective S-3 shelf filed on Aug 29, 2025 allows NOTV to conduct future securities offerings, including an at-the-market equity program with up to 3.0% commission under a sales agreement. The prospectus cites an auditor paragraph raising substantial doubt about continued going concern and highlights immediate dilution risk and variability of ATM proceeds, underscoring financing and capital-structure uncertainty.

Market Pulse Summary

This announcement formalizes and expands on earlier disclosure of an August 2025 cybersecurity incid...

Analysis

This announcement formalizes and expands on earlier disclosure of an August 2025 cybersecurity incident, detailing that a threat actor accessed systems and potentially acquired sensitive personal data. It highlights remedial steps, regulator and law-enforcement notifications, and support measures like credit monitoring. Set against recent losses, going-concern language, and an S-3 shelf for potential equity issuance, investors may watch for litigation, regulatory outcomes, and any incremental security or compliance costs following this breach.

Key Terms

cybersecurity incident, threat actor, biometric data, digital signatures, +2 more

6 terms

cybersecurity incident technical

"is providing public notice regarding its cybersecurity incident that it became aware"

A cybersecurity incident is an event where someone's computer systems or data are attacked or broken into without permission. It matters because it can lead to stolen information, financial loss, or disruptions in services, similar to a break-in at a store that damages property or steals valuable items.

threat actor technical

"unusual activity was due to unauthorized actions by a threat actor."

A threat actor is an individual, group, or organization that deliberately tries to harm a company’s systems, data, or operations—ranging from lone hackers and criminal gangs to insiders or state-sponsored teams. For investors this matters because successful attacks can cause direct financial loss, regulatory fines, interrupted business, or damaged trust—like a burglar stealing valuables or sabotaging a storefront, harming the company’s value and future earnings.

biometric data technical

"medical information, biometric data, passport information, digital signatures, and"

Biometric data are unique physical or behavioral traits—such as fingerprints, facial scans, voice patterns, iris images, heart rhythm or walking style—used to identify or verify a person, like a living password tied to your body. For investors this matters because handling these sensitive data brings legal rules, breach and liability risks, and reputational consequences that can affect costs, regulatory fines and a company’s stock value.

digital signatures technical

"biometric data, passport information, digital signatures, and contact information,"

A digital signature is a secure electronic stamp attached to a document or message that proves who sent it and that the content hasn’t been altered. Think of it like a tamper-proof wax seal and signature combined for files; it matters to investors because it helps ensure disclosures, contracts, and filings are authentic and unmodified, reducing fraud risk and legal uncertainty around important corporate information.

credit monitoring financial

"has offered complimentary credit monitoring to these individuals."

Credit monitoring is a service that continuously watches a person’s or company’s credit reports and scores and sends alerts about changes—such as new accounts, inquiries, or signs of fraud—like a smoke alarm for your credit file. Investors care because it can be a recurring revenue product for businesses and, conversely, gaps or breaches in credit monitoring can lead to customer losses, regulatory fines and credit-risk signals that affect a company’s financial health and stock value.

identity theft financial

"remain vigilant for incidents of fraud and identity theft, including by regularly"

Identity theft is when someone steals another person’s personal details—such as name, Social Security number, bank account or login credentials—and uses them to impersonate that person to access money, credit, or services. For investors this matters because it can lead to direct financial losses, regulatory penalties, lawsuits, and damaged customer trust that can reduce revenue and stock value, much like a break‑in that shakes confidence in a business.

AI-generated analysis. Not financial advice.

WEST LAFAYETTE, Ind., Feb. 13, 2026 (GLOBE NEWSWIRE) -- Inotiv, Inc. (NASDAQ: NOTV) (the “Company”, or “Inotiv”), a leading contract research organization specializing in nonclinical and analytical drug discovery and development services and research models and related products and services, is providing public notice regarding its cybersecurity incident that it became aware of on August 8, 2025.

As previously described in the Company’s Current Report on Form 8-K filed with the Securities and Exchange Commission (the “SEC”) on August 18, 2025 and its subsequent SEC filings, Inotiv experienced a cybersecurity incident in early August 2025. While Inotiv currently has no indication that personal information has been misused, it has provided notice via mail and email, and via this release and an accompanying posting on its website, to inform individuals whose personal information was potentially involved. This notification provides details of the incident and Inotiv’s response, the resources it is making available to individuals whose personal information has been identified as potentially involved, and additional steps individuals can take if they believe their personal information was potentially involved.

On August 5, 2025, Inotiv detected unusual activity on certain of its systems and promptly initiated an investigation. On August 8, 2025, Inotiv determined that this unusual activity was due to unauthorized actions by a threat actor. Inotiv’s investigation determined that between approximately August 5-8, 2025, a threat actor gained unauthorized access to Inotiv’s systems and may have acquired certain data.

Upon learning of the potential data acquisition, Inotiv took prompt action to identify and review the data and identify individuals whose personal information may have been involved. Inotiv subsequently determined that certain data may have been acquired by the threat actor during this incident, including personal information.

Inotiv maintains certain data related to current and former employees of Inotiv and their family members, as well as certain data related to other individuals who have interacted with Inotiv or companies it has acquired. Inotiv’s review determined that the personal information potentially involved included names, Social Security numbers, tax identification numbers, driver’s license numbers, other government-issued identification numbers or details, dates of birth, financial account information, payment card information, health insurance information, medical information, biometric data, passport information, digital signatures, and contact information, among other types of information.

Upon detecting the unusual activity, Inotiv promptly took steps to contain it and launched an investigation with the support of external cybersecurity specialists. Inotiv also notified regulators and U.S. law enforcement. Notification was not delayed as a result of a law enforcement investigation.

Inotiv has notified individuals whose personal information was potentially involved via mail and email where such contact information was available and has offered complimentary credit monitoring to these individuals. Inotiv is further posting substitute notice on its website and issuing this release for the limited number of individuals whose information was potentially involved but for whom Inotiv could not locate valid contact information.

Inotiv recommends that individuals remain vigilant for incidents of fraud and identity theft, including by regularly reviewing and monitoring their credit history and credit reports to detect any errors and guard against any unauthorized transactions or activity. Inotiv also recommends that individuals closely monitor their account statements and notify their financial institution if they suspect any unauthorized activity.

Please be assured that Inotiv has taken steps to address the incident and to further enhance its security measures to protect individuals’ data. If you have any questions about this notice or the incident and believe your information may have been potentially involved, please contact (833) 918-5956 (U.S. residents, toll-free) or (214) 393-3323 (individuals outside the U.S.) Monday through Friday, from 8 am to 8 pm Central Time (excluding major U.S. holidays) or dataprivacymanager@inotiv.com. Please be prepared to provide engagement number B158971.

About Inotiv
Inotiv, Inc. is a leading contract research organization dedicated to providing non-clinical and analytical drug discovery and development services and research models and related products and services. The Company’s products and services focus on bringing new drugs and medical devices through the discovery and preclinical phases of development, all while increasing efficiency, improving data, and reducing the cost of taking new drugs and medical devices to market. Inotiv is committed to supporting discovery and development objectives as well as helping researchers realize the full potential of their critical research and development projects, all while working together to build a healthier and safer world. Further information about Inotiv can be found here: https://www.inotiv.com/.

This release contains statements that constitute “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Such statements include statements regarding the Company's assessment of the cybersecurity incident, ongoing or potential impacts, and efforts of the Company related to the incident. Actual results may vary materially from those expressed or implied by forward-looking statements based on a number of factors, including, without limitation: the results of further analyses of the scope and details of the data that the threat actor accessed; release by the threat actor of any of the Company’s data, including third party data held by the Company, or the use of any such data for any fraudulent purposes; potential adverse impact of the incident on the Company's results of operations, including revenue, operating income and cash flows from operations, and on its financial condition, including liquidity; diversion of management’s attention from operations of the Company to addressing the cybersecurity incident; potential litigation related to the cybersecurity incident; potential adverse effects on relationships with customers, suppliers and other third parties as a result of the cybersecurity incident; reputational risk related to the cybersecurity incident; regulatory scrutiny of the cybersecurity incident; and various other risks, including those detailed in the Company's filings with the SEC.

Company Contact		Investor Relations
Inotiv, Inc.		LifeSci Advisors
Beth A. Taylor, Chief Financial Officer		Steve Halper
(765) 497-8381		(646) 876-6455
beth.taylor@inotiv.com		shalper@lifesciadvisors.com

FAQ

What did Inotiv (NOTV) say happened in the August 2025 cybersecurity incident?

Inotiv says unauthorized access occurred approximately August 5–8, 2025, and some data may have been acquired. According to the company, it detected unusual activity on August 5, launched an investigation, and determined unauthorized actions by a threat actor by August 8.

What types of personal information did Inotiv (NOTV) report may have been involved?

Inotiv reported names, Social Security numbers, driver’s license numbers, financial and medical details may be involved. According to the company, other data potentially acquired included biometric, passport, tax ID, digital signatures, and contact information.

How has Inotiv (NOTV) notified people potentially affected by the breach?

Inotiv notified individuals via mail and email where contact details existed and posted substitute website notice. According to the company, it also issued this public release and offered complimentary credit monitoring to impacted individuals.

What remedial actions did Inotiv (NOTV) take after detecting the incident?

Inotiv contained the activity, engaged external cybersecurity specialists, and notified regulators and law enforcement. According to the company, notification was not delayed by law enforcement and it is enhancing security measures to protect data.

How can individuals contact Inotiv (NOTV) about potential involvement of their information?

Individuals can call (833) 918-5956 (U.S.) or (214) 393-3323 (outside U.S.) or email dataprivacymanager@inotiv.com. According to the company, support is available Monday–Friday 8 am–8 pm Central Time and reference engagement number B158971.

What steps does Inotiv (NOTV) recommend for people worried about identity theft?

Inotiv recommends monitoring credit reports, account statements, and notifying financial institutions of suspicious activity. According to the company, individuals should remain vigilant for fraud and consider the complimentary credit monitoring offered if notified as affected.