Precipio Identifies Unauthorized Access to Isolated Storage; No Operational Impact

Rhea-AI Summary

Precipio (NASDAQ:PRPO) identified a single, limited unauthorized access to a specific data folder in its secure cloud file environment on Dec. 4, 2025.

Initial findings say the breach was limited to historical files in a customer service folder (operational procedures, temperature logs, vendor invoices) and did not include patient Social Security numbers, addresses, patient financial data, proprietary company data, or affect diagnostics, operations, or patient care.

The company activated incident response, engaged external cybersecurity counsel and forensic specialists, reset companywide passwords, enhanced monitoring, and reports no evidence of continued access. Precipio expects related costs to be covered by its cybersecurity insurance and currently does not anticipate material impact to operations or shareholders.

Positive

• Breach limited to a single data folder in cloud storage
• No patient Social Security numbers or patient financial data exposed
• No proprietary company or financial data found in accessed folders
• Engaged external cybersecurity law firm and forensic specialists
• Company reset passwords companywide and enhanced monitoring
• Expected investigation costs covered by cybersecurity insurance

Negative

• Unauthorized party downloaded historical files from customer service folder
• Access included vendor invoices and operational/temperature logs
• Investigation remains ongoing with potential for additional findings

News Market Reaction

-1.77%

1 alert

-1.77% News Effect

-8.1% Trough Tracked

-$758K Valuation Impact

$42M Market Cap

0.3x Rel. Volume

On the day this news was published, PRPO declined 1.77%, reflecting a mild negative market reaction. Argus tracked a trough of -8.1% from its starting point during tracking. This price movement removed approximately $758K from the company's valuation, bringing the market cap to $42M at that time.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

Incident date: Dec. 04, 2025

1 metrics

Incident date Dec. 04, 2025 Date company reported identifying unauthorized access

Market Reality Check

Price: $23.50 Vol: Volume 5,627 is well belo...

low vol

$23.50 Last Close

Volume Volume 5,627 is well below 20-day average of 15,147 (relative volume 0.37x). low

Technical Price 24.95 is trading above 200-day MA of 13.68 and 12.44% below 52-week high.

Peers on Argus

Peers showed mixed moves: NOTV -4.32%, PRPH -5.43%, ISPC -1.56%, ADVB +6.37%, BI...

Peers showed mixed moves: NOTV -4.32%, PRPH -5.43%, ISPC -1.56%, ADVB +6.37%, BIAF +0.61%, suggesting today’s modest -1.15% move in PRPO is more stock-specific than sector-wide.

Historical Context

5 past events · Latest: Dec 05 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Dec 05	Scientific conference update	Positive	-3.7%	ASH 2025 BCR::ABL1 assay data from 895 samples showing superior performance.
Dec 04	Cybersecurity incident	Negative	-1.8%	Disclosure of limited unauthorized cloud-folder access with no operational impact.
Nov 14	Q3 2025 earnings	Positive	+8.8%	Q3 revenue growth, positive adjusted EBITDA, and improved operating cash flow.
Nov 04	Shareholder call notice	Neutral	+2.9%	Announcement of Q3‑2025 shareholder update call and access details.
Sep 02	ATM termination	Positive	-0.7%	Termination of ATM facility following elimination of negative operating cash flow.

Pattern Detected

Across the last five events, PRPO showed more divergences (3) than alignments (2), including selloffs on seemingly positive scientific and capital-structure updates.

Recent Company History

Over the past few months, Precipio reported stronger Q3‑2025 fundamentals, with revenues of $6.8M and positive adjusted EBITDA of $469K, alongside improved operating cash flow. Governance and funding actions included termination of its ATM instrument and multiple Form 4 filings showing directors and the COO acquiring shares, often in lieu of cash compensation. On the operational front, the company announced a Q3‑2025 shareholder call and an ASH 2025 poster on its BCR::ABL1 assay using 895 patient samples. Today’s limited-scope data access incident follows this trajectory of operational and scientific updates without stated material impact.

Market Pulse Summary

This announcement details a limited unauthorized access to a cloud-based customer service folder, wi...

Analysis

This announcement details a limited unauthorized access to a cloud-based customer service folder, with the company reporting no impact on diagnostics, operations, finances, or patient Social Security and financial data. Management activated incident response procedures, engaged external cybersecurity and forensic experts, reset passwords, and enhanced monitoring. With prior filings highlighting both revenue growth and going‑concern language, investors may watch for any future cybersecurity disclosures or operational changes stemming from this review.

Key Terms

secure cloud file environment, incident response procedures, cybersecurity law firm, forensic specialists, +1 more

5 terms

secure cloud file environment technical

"unauthorized access to a specific data folder stored within its secure cloud file environment"

A secure cloud file environment is a digital storage space hosted online that protects files from unauthorized access or theft. It functions like a locked, digital filing cabinet accessible only to authorized users, ensuring sensitive information remains private and safe. This is important for investors because it helps safeguard financial data and personal information from cyber threats.

incident response procedures technical

"the Company immediately initiated its incident response procedures and engaged an external"

Incident response procedures are a set of planned steps that organizations follow to quickly address and manage unexpected problems or emergencies, such as security breaches or system failures. They help minimize damage, restore normal operations, and protect valuable information. For investors, having effective procedures indicates that a company is prepared to handle crises efficiently, reducing potential risks and financial losses.

cybersecurity law firm regulatory

"engaged an external cybersecurity law firm and forensic specialists to assist"

A cybersecurity law firm is a legal practice that specializes in advising organizations on data breaches, privacy rules, regulatory investigations, and the legal steps to prevent or respond to cyber incidents. Think of it as a combination of a legal advisor and emergency responder that helps limit fines, lawsuits and reputational damage after a hack and guides compliance and contract protections beforehand — outcomes that can materially affect a company’s value and investor risk.

forensic specialists technical

"cybersecurity law firm and forensic specialists to assist in the investigation"

Forensic specialists are experts who investigate and analyze financial records and transactions to uncover and prevent fraud, theft, or other financial crimes. They examine complex data much like detectives piecing together clues, helping ensure that financial activities are honest and lawful. Their work provides transparency and confidence for investors by identifying potential risks or illegal practices.

cybersecurity insurance policy financial

"Precipio maintains a comprehensive cybersecurity insurance policy and expects that costs"

A cybersecurity insurance policy is a type of protection that helps organizations cover the costs associated with digital security breaches, such as hacking or data theft. It acts like an insurance plan for a company's online safety, providing financial support to recover from cyberattacks. For investors, it signals that a company is managing digital risks, which can be important for its stability and reputation.

AI-generated analysis. Not financial advice.

NEW HAVEN, Conn., Dec. 04, 2025 (GLOBE NEWSWIRE) -- Precipio, Inc. reports that the Company recently identified a single, limited scope unauthorized access to a specific data folder stored within its secure cloud file environment. The incident was limited to its file storage server and did not impact any of Precipio’s operations, diagnostics processes, or customer services, and the company continued to provide its services unhindered. There was no impact to patient care; nor impact to the company’s operations or finances.

Upon detecting the activity, the Company immediately initiated its incident response procedures and engaged an external cybersecurity law firm and forensic specialists to assist in the investigation and to help ensure the security of its systems. Precipio also took prompt steps to secure the environment, reset passwords company wide, and enhance monitoring and at this time, we are not seeing evidence of continued unauthorized access.

While the investigation remains ongoing, current findings indicate that an unauthorized third party accessed and downloaded certain historical files within the customer service folder. Initial investigation shows that the majority of these files contained previously used operational procedures, temperature logs, vendor invoices and similar historical information which poses no risk or damage to the company. No patient Social Security numbers, addresses, or other patient financial information was included. Additionally, no company proprietary or financial data was included in the folders that were breached.

We are pursuing a thorough investigation with top-tier cybersecurity partners, and although the review is ongoing, our current assessment strongly suggests that the incident was limited in scope and that our systems are stable.

Precipio maintains a comprehensive cybersecurity insurance policy and expects that costs associated with the investigation, forensic analysis, and related response efforts will be covered in accordance with policy terms. Based on the information available at this time the company does not anticipate any material impact to its operations, customers, patient care, or to its shareholders as a result of this incident.

The Company will provide further updates if and as appropriate.

About Precipio

Precipio is a healthcare biotechnology company focused on cancer diagnostics. Our mission is to address the pervasive problem of cancer misdiagnoses by developing solutions in the form of diagnostic products and services. Our products and services deliver higher accuracy, improved laboratory workflow, and ultimately better patient outcomes, which reduce healthcare expenses. Precipio develops innovative technologies in our laboratory where we design, test, validate, and use these products clinically, improving diagnostic outcomes. Precipio then commercializes these technologies as proprietary products that serve the global laboratory community and further scales Precipio’s reach to eradicate misdiagnosis.

Availability of Other Information About Precipio

For more information, please visit the Precipio website at https://www.precipiodx.com/ or follow Precipio on X (formerly Twitter) (@PrecipioDx) and LinkedIn (Precipio) and on Facebook. Investors and others should note that we communicate with our investors and the public using our company website (https://www.precipiodx.com), including, but not limited to, company disclosures, investor presentations and FAQs, Securities and Exchange Commission filings, press releases, public conference call transcripts and webcast transcripts, as well as on X and LinkedIn. The information that we post on our website or on X or LinkedIn could be deemed to be material information. As a result, we encourage investors, the media and others interested to review the information that we post there on a regular basis. The contents of our website or social media shall not be deemed incorporated by reference in any filing under the Securities Act of 1933, as amended.

Forward-Looking Statements

This press release contains “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. All statements contained in this press release that do not relate to matters of historical fact should be considered forward-looking statements, including, without limitation, statements regarding the targets set herein and related timing. Except for historical information, statements about future volumes, sales, growth, costs, cost savings, margins, earnings, earnings per share, diluted earnings per share, cash flows, adjusted EBITDA, plans, objectives, expectations, growth or profitability and our potential to reach financial independence are forward-looking statements based on management’s estimates, beliefs, assumptions and projections. Words such as “could,” “may,” “expects,” “anticipates,” “will,” “targets,” “goals,” “projects,” “intends,” “plans,” “believes,” “seeks,” “estimates,” “predicts,” and variations on such words, and similar expressions that reflect our current views with respect to future events and operational, economic and financial performance, are intended to identify such forward-looking statements. These forward-looking statements are only predictions based on management’s current expectations. These statements are neither promises nor guarantees, but involve known and unknown risks, uncertainties and other important factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements, including, but not limited to, the important factors discussed under the caption “Risk Factors” in our Annual Report on Form 10-K for the fiscal year ended December 31, 2024, and our other reports filed with the U.S. Securities and Exchange Commission. Any such forward-looking statements represent management’s estimates as of the date of this press release only. While we may elect to update such forward-looking statements at some point in the future, except as required by law, we disclaim any obligation to do so, even if subsequent events cause our views to change. These forward-looking statements should not be relied upon as representing our views as of any date subsequent to the date of this press release.

Inquiries:
investors@precipiodx.com
+1-203-787-7888 Ext. 523

FAQ

What did Precipio (PRPO) announce about the Dec. 4, 2025 unauthorized access?

Precipio reported a single, limited access to a cloud file folder that downloaded historical customer service files and said operations and patient care were not affected.

Did the Precipio (PRPO) data access expose patient Social Security numbers or financial data?

No; the company said no patient Social Security numbers, addresses, or patient financial information were included in the accessed files.

Will Precipio (PRPO) incur out-of-pocket costs for the cybersecurity response?

Precipio expects investigation and response costs to be covered under its comprehensive cybersecurity insurance policy, per the announcement.

What immediate steps did Precipio (PRPO) take after detecting the unauthorized access?

The company initiated incident response, hired external cybersecurity counsel and forensic specialists, reset passwords companywide, and enhanced monitoring.

Does the Precipio (PRPO) breach affect the company’s operations or shareholders?

Based on current information, the company does not anticipate any material impact to operations, customers, patient care, or shareholders.