Cyber incident update: West Pharmaceutical (NYSE: WST) restores operations
Filing Impact
Filing Sentiment
Form Type
8-K/A
Rhea-AI Filing Summary
West Pharmaceutical Services, Inc. filed an amended report updating details on a previously disclosed material cybersecurity attack. The company states that core enterprise systems are restored and that manufacturing, receiving and shipping processes have restarted at all sites, with global operations now fully functional.
The intrusion was initially detected on May 4, 2026, with data exfiltration and system encryption confirmed by May 7, 2026. The company reports no unauthorized activity or access has been observed since May 5, 2026. Based on its investigation to date, it believes the incident has not had, and is not reasonably likely to have, a material impact on its 2026 second-quarter and full-year financial guidance.
Positive
- None.
Negative
- None.
Insights
Company reports recovery from cyber attack with no expected guidance impact.
West Pharmaceutical Services, Inc. describes a material cybersecurity attack involving data exfiltration and system encryption, initially detected on May 4, 2026. The company activated incident response protocols, took systems offline globally, engaged law enforcement, and retained external cyber-forensic experts.
The filing indicates that core enterprise systems are restored and critical manufacturing, receiving and shipping processes have restarted at all sites, with the company now fully operational across manufacturing, supply chain and commercial locations. The company also notes no ongoing unauthorized activity or access has been observed since May 5, 2026.
Importantly, based on information available at this stage of the investigation, management states it believes the incident has not had, and is not reasonably likely to have, a material impact on 2026 second-quarter and full-year financial guidance. Future assessments will depend on the final scope of affected data and any longer-term remediation or compliance requirements.
8-K Event Classification
2 items: 1.05, 9.01
2 items
Item 1.05
Material Cybersecurity Incidents
Business
A cybersecurity incident that the company has determined to be material to investors.
Item 9.01
Financial Statements and Exhibits
Exhibits
Financial statements, pro forma financial information, and exhibit attachments filed with this report.
Key Figures
Intrusion detection date: May 4, 2026
Incident determination date: May 7, 2026
Last observed unauthorized activity: May 5, 2026
3 metrics
Intrusion detection date
May 4, 2026
Initial detection of cybersecurity intrusion
Incident determination date
May 7, 2026
Company determined a material cybersecurity attack occurred
Last observed unauthorized activity
May 5, 2026
No unauthorized activity observed after this date
Key Terms
material cybersecurity attack, incident response protocols, data was exfiltrated, forward-looking statements, +1 more
5 terms
material cybersecurity attack technical
"the Company had experienced a material cybersecurity attack, in which certain data was exfiltrated"
incident response protocols technical
"the Company promptly activated its incident response protocols, including proactively taking systems offline globally"
data was exfiltrated technical
"a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party"
forward-looking statements regulatory
"This on contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995"
Forward-looking statements are predictions or plans that companies share about what they expect to happen in the future, like estimating sales or profits. They matter because they help investors understand a company's outlook, but since they are based on guesses and assumptions, they can sometimes be wrong.
Inline XBRL technical
"Cover Page Interactive Data File (embedded within the Inline XBRL document)"
Inline XBRL is a file format for financial filings that embeds machine-readable data tags directly inside the human-readable report, so the same document can be read by people and parsed by software. For investors it makes extracting, comparing and verifying financial numbers faster and more reliable—like a grocery list where each item also has a barcode—reducing manual errors and speeding up analysis.
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K/A
(Amendment No. 1)
CURRENT REPORT
Pursuant to Section 13 or 15(d) of The Securities Exchange Act of 1934
Date of Report (Date of earliest event reported) – May 7, 2026
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation) | (Commission File Number) | (IRS Employer Identification No.) | ||||||||||||
(Address of principal executive offices) | (Zip Code) | |||||||||||||
Registrant’s telephone number, including area code: 610 -594-2900
Not Applicable | ||
(Former name or address, if changed since last report.) | ||
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below):
Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) | |||||
Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) | |||||
Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) | |||||
Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) | |||||
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading Symbol | Name of each exchange on which registered | ||||||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
1
Explanatory Note
This Amendment No. 1 amends the Current Report on Form 8-K filed by West Pharmaceutical Services, Inc. (the “Company”) with the Securities and Exchange Commission (the “SEC“) on May 11, 2026 (the “Original Report”).
Item 1.05 Material Cybersecurity Incidents.
As previously disclosed in the Original Report, the Company determined on May 7, 2026 that the Company had experienced a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted. Upon initial detection of an intrusion on May 4, 2026, the Company promptly activated its incident response protocols, including proactively taking systems offline globally for containment purposes, notifying law enforcement, and engaging external cyber-forensic experts.
Remediation efforts have since progressed, with core enterprise systems restored in addition to critical processes for manufacturing, receiving and shipping restarted at all sites. The Company is now fully operational across its manufacturing, supply chain and commercial sites globally. While the Company’s investigation into the nature and scope of the incident is continuing, including with respect to the extent of the data affected, no unauthorized activity or access is ongoing or has been observed since May 5, 2026.
Based on the investigation to date and information currently available, the Company believes that the incident has not had, and is not reasonably likely to have, a material impact on the Company’s 2026 second-quarter and full-year financial guidance.
Forward-Looking Statements
This Current Report on Form 8-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding the Company's expectations regarding future events, financial guidance, actions or performance related to the cybersecurity incident, including the results of the Company’s ongoing investigation thereof and the impact of the cybersecurity incident on the Company, and its financial or operational performance. Forward-looking statements may be identified by words such as "believe," "expect," "intend," "estimate," "plan," "anticipate," "project," "forecast," "guidance," "target," "may," "will," "continue" and similar expressions.
These statements are based on current expectations and assumptions and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied by such forward-looking statements. For additional information regarding these risks as well as other risks, uncertainties and factors that could affect our forward-looking statements, please refer to Part I Item 1A, entitled "Risk Factors," of the Company's most recent Annual Report on Form 10-K and any amendments thereto, as well as the Company's most recently filed Quarterly Reports on Form 10-Q and other filings the Company makes with the Securities and Exchange Commission.
Forward-looking statements speak only as of the date of this Current Report on Form 8-K. Except as required by law or regulation, West Pharmaceutical Services, Inc. undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.
Item 9.01 Financial Statements and Exhibits.
(d) | Exhibit No. | Description | ||||||
| 104 | Cover Page Interactive Data File (embedded within the Inline XBRL document). | |||||||
2
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Date: May 20, 2026 | WEST PHARMACEUTICAL SERVICES, INC. | ||||
| By: | /s/ Norman D. Finch Jr. | ||||
| Norman D. Finch Jr. | |||||
Senior Vice President, General Counsel and Corporate Secretary | |||||
3
EXHIBIT INDEX
Exhibit No. | Description | |||||||
104 | Cover Page Interactive Data File (embedded within the Inline XBRL document). | |||||||
4
FAQ
What cybersecurity incident did West Pharmaceutical Services (WST) report in this 8-K/A?
West Pharmaceutical Services reported a material cybersecurity attack in which certain data was exfiltrated and some systems were encrypted. The intrusion was initially detected on May 4, 2026, with the company activating incident response protocols and taking systems offline globally for containment.
Is West Pharmaceutical Services (WST) fully operational after the May 2026 cyber attack?
Yes. The company states it is fully operational across manufacturing, supply chain and commercial sites globally. Core enterprise systems have been restored, and critical processes for manufacturing, receiving and shipping have restarted at all locations following the cybersecurity incident.
Has unauthorized access continued after the West Pharmaceutical (WST) cyber incident?
No. West Pharmaceutical reports that no unauthorized activity or access is ongoing or has been observed since May 5, 2026. The company’s investigation continues, including assessing the nature and scope of affected data, supported by external cyber-forensic experts and law enforcement notification.
How does West Pharmaceutical (WST) expect the cyber attack to affect 2026 financial guidance?
Based on its investigation to date, the company believes the incident has not had, and is not reasonably likely to have, a material impact on its 2026 second-quarter and full-year financial guidance. This belief is based on current information and may be refined as the investigation progresses.
What actions did West Pharmaceutical (WST) take in response to the cyber intrusion?
Upon detecting the intrusion on May 4, 2026, the company activated incident response protocols, proactively took systems offline globally, notified law enforcement, and engaged external cyber-forensic experts. These steps supported containment, system restoration and the resumption of key operational processes worldwide.