Cyberattack disrupts Inotiv (NASDAQ: NOTV) operations and systems

Rhea-AI Filing Summary

Inotiv, Inc. reported that on August 8, 2025 it discovered a cybersecurity incident in which a threat actor gained unauthorized access to and encrypted certain company systems. In response, Inotiv launched an investigation, engaged external cybersecurity specialists, restricted access to affected systems, and notified law enforcement.

The incident has disrupted parts of Inotiv’s business operations by limiting access to portions of its networks, internal data storage, and some internal business applications. The company has activated its business continuity plan, shifting some work to offline alternatives while it works to restore systems, though the timeline for full restoration is not yet known. The investigation is ongoing, and Inotiv states that the full scope, nature, and operational and financial impacts are not yet known, and it has not determined whether the incident is reasonably likely to have a material impact.

Insights

Cybersecurity and operational risk analyst

Inotiv discloses a ransomware-style cyber incident causing operational disruption with still-unknown financial impact.

Inotiv, Inc. reports that a threat actor gained unauthorized access to and encrypted certain systems, indicating a serious cybersecurity breach. The company responded by restricting access to affected systems, starting an investigation with external specialists, and notifying law enforcement, which are standard containment and remediation steps.

The company states that the incident has already disrupted certain business operations by limiting access to networks, internal data storage, and some internal applications. It has activated its business continuity strategy and moved some work to offline alternatives to reduce disruption, but it notes that the timeline for fully restoring affected systems is not yet known, which can prolong operational strain.

Inotiv emphasizes that the investigation is ongoing and that the full scope, nature, and impacts, including potential effects on revenue, operating income, cash flows, liquidity, customer relationships, and reputation, are not yet known. It also lists potential risks such as data access and possible release, regulatory scrutiny, and litigation. The company explicitly states it has not yet determined whether the incident is reasonably likely to have a material impact, so future disclosures will be important to understand the ultimate operational and financial consequences.

8-K Event Classification

Item 8.01 — Other Events

1 item

Item 8.01 Other Events Other

Voluntary disclosure of events the company deems important to shareholders but not covered by other items.

Understanding 8-K Material Events →

0000720154FALSE00007201542025-08-082025-08-08

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): August 8, 2025

INOTIV, INC.

(Exact name of registrant as specified in its charter)

Indiana

0-23357

35-1345024

(State or other jurisdiction of  incorporation)

(Commission File Number)

(IRS Employer Identification No.)

2701 KENT AVENUE WEST LAFAYETTE,INDIANA						47906-1382
(Address of principal executive offices)						(Zip Code)

Registrant's telephone number, including area code: (765) 463-4527

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

o			Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
o			Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
o			Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
o			Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class

Trading Symbol(s)

Name of each exchange  on which registered

Common Shares

NOTV

The Nasdaq Stock Market LLC

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).

Emerging growth company o

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. o

Item 8.01.    Other Events.

On August 8, 2025, Inotiv, Inc. (the “Company”) became aware of a cybersecurity incident affecting certain of its systems and data. The Company’s preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company’s systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems. The Company has also notified law enforcement.

The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations of the Company. The incident has temporarily impacted the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications. The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business. While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.

The Company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known. Accordingly, the Company has not yet determined whether the incident is reasonably likely to have a material impact on the Company.

Cautionary Note Regarding Forward-Looking Statements

This Current Report on Form 8-K contains statements that constitute “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Such statements include statements regarding the Company's assessment of the cybersecurity incident, ongoing or potential impacts, and efforts of the Company related to the incident. Actual results may vary materially from those expressed or implied by forward-looking statements based on a number of factors, including, without limitation: any impairment of the integrity of the Company’s systems or data; delays or difficulties in restoring the Company’s systems and data; the Company’s continued ability to use alternatives to its systems, to the extent needed; the Company’s ability to process information it collected while using alternatives to its systems and the integrity of that information; the adequacy of processes during the period of disruption of the Company’s systems; the results of the Company analysis of the scope and details of the data that the threat actor accessed; release by the threat actor of any of the Company’s data, including third party data held by the Company, or the use of any such data for any fraudulent purposes; potential adverse impact of the incident on the Company's results of operations, including revenue, operating income and cash flows from operations, and on its financial condition, including liquidity; diversion of management’s attention from operations of the Company to addressing the cybersecurity incident; potential litigation related to the cybersecurity incident; potential adverse effects on relationships with customers, suppliers and other third parties as a result of the cybersecurity incident; reputational risk related to the cybersecurity incident; regulatory scrutiny of the cybersecurity incident; and other factors described under the heading “Risk Factors” in Part I, Item 1A of the Company’s Annual Report on Form 10-K for the fiscal year ended September 30, 2024, filed with the Securities and Exchange Commission (the “SEC”) on November 20, 2024 (the “Form 10-K”), as updated or supplemented by subsequent reports that the Company has filed or will file with the SEC. Potential investors, shareholders and other readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. The Company assumes no obligation to publicly update any forward-looking statement after it is made, whether as a result of new information, future events or otherwise, except as required by law.

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.

						INOTIV, INC.
Date:			August 18, 2025			By:			/s/ Beth A. Taylor
									Chief Financial Officer,
									Executive Vice President

FAQ

What cybersecurity incident did Inotiv (NOTV) report in this 8-K filing?

Inotiv reported that on August 8, 2025 a threat actor gained unauthorized access to and encrypted certain of its systems and data, prompting the company to contain, assess, and remediate the incident with the help of external cybersecurity specialists.

How has the cybersecurity incident affected Inotivs operations?

The incident has disrupted certain business operations by temporarily impacting availability and access to some networks and systems, including portions of internal data storage and certain internal business applications, leading Inotiv to transition some operations to offline alternatives.

Has Inotiv restored its systems after the cyberattack?

Inotiv states it is working to bring impacted portions of its systems back online and has implemented business continuity measures, but the timeline for a full restoration of affected functions and systems is not yet known.

Does Inotiv know the financial impact of the cybersecurity incident?

Inotiv explains that its investigation is ongoing and that the full scope, nature, and impacts, including operational and financial impacts, are not yet known, so it has not determined whether the incident is reasonably likely to have a material impact on the company.

What steps has Inotiv taken in response to the cybersecurity incident?

Inotiv has contained affected systems, initiated an investigation, engaged external cybersecurity specialists, restricted access to some systems, notified law enforcement, and activated its business continuity strategy to reduce disruption by shifting some operations to offline alternatives.

Could the Inotiv cybersecurity incident involve data access or regulatory issues?

Inotiv notes that results of its analysis may show data accessed by the threat actor and that risks include possible release or misuse of company or third-party data, potential litigation, reputational impact, and regulatory scrutiny related to the incident.