Cyberattack disrupts West Pharmaceutical (NYSE: WST) global operations
Filing Impact
Filing Sentiment
Form Type
8-K
Rhea-AI Filing Summary
West Pharmaceutical Services, Inc. reported a material cybersecurity attack that involved data being exfiltrated by an unauthorized party and encryption of certain systems. After detecting the intrusion on May 4, 2026, the company took systems offline globally, notified law enforcement, and engaged external cyber‑forensic experts, including Palo Alto Networks’ Unit 42.
The attack and the company’s containment measures have temporarily disrupted business operations worldwide. Core enterprise systems have been restored and key shipping, receiving, and manufacturing processes have restarted at some sites, with other locations still being brought back online. The company has not yet determined the incident’s material impact on its financial condition or results.
Positive
- None.
Negative
- Material cybersecurity attack with global disruption: West Pharmaceutical Services experienced a material cyberattack involving data exfiltration and system encryption, leading to temporary disruption of business operations globally and an as‑yet undetermined impact on financial condition and results.
Insights
Material cyberattack disrupted West’s global operations, with financial impact still undetermined.
West Pharmaceutical Services has disclosed a material cybersecurity attack involving data exfiltration and system encryption. In response to the intrusion detected on May 4, 2026, it proactively shut down systems globally, restricted access to enterprise systems, and activated incident response and crisis management protocols.
The company states that operations have been temporarily disrupted worldwide. Core enterprise systems are restored and shipping, receiving, and manufacturing have restarted at some sites, while remaining locations are still being brought back online. The ultimate impact on financial condition and results of operations has not yet been determined.
West engaged Palo Alto Networks’ Unit 42 and other external experts to support investigation, containment, and recovery, and has taken steps to mitigate the risk of dissemination of exfiltrated data. Subsequent company filings and updates referenced in the disclosure may clarify the scope of affected data and quantify any financial effects.
8-K Event Classification
4 items: 1.05, 7.01, 9.01, 99.1
4 items
Item 1.05
Material Cybersecurity Incidents
Business
A cybersecurity incident that the company has determined to be material to investors.
Item 7.01
Regulation FD Disclosure
Disclosure
Material non-public information disclosed under Regulation Fair Disclosure, often investor presentations or guidance.
Item 9.01
Financial Statements and Exhibits
Exhibits
Financial statements, pro forma financial information, and exhibit attachments filed with this report.
Item 99.1
Item 99.1
Key Figures
Intrusion detection date: May 4, 2026
Material incident determination date: May 7, 2026
Website statement date: May 11, 2026
3 metrics
Intrusion detection date
May 4, 2026
Date company first detected the cybersecurity intrusion
Material incident determination date
May 7, 2026
Date West determined the cyberattack was material
Website statement date
May 11, 2026
Date of Exhibit 99.1 cyberattack update
Key Terms
material cybersecurity attack, data was exfiltrated, encrypted, business continuity plans, +2 more
6 terms
material cybersecurity attack technical
"the Company has experienced a material cybersecurity attack, in which certain data was exfiltrated"
data was exfiltrated technical
"a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party"
encrypted technical
"certain data was exfiltrated by an unauthorized party and certain systems were encrypted"
Encrypted means data has been scrambled into a secret code so only authorized parties can read it — like locking sensitive papers in a safe and giving keys only to trusted people. For investors, encryption matters because it protects financial records, customer information and trade secrets from theft or exposure, reducing legal, regulatory and reputational risks that can hurt a company’s value and operations.
business continuity plans financial
"West is leveraging its business continuity plans and working with our customers"
Business continuity plans are documented strategies and procedures a company uses to keep essential operations running during emergencies such as natural disasters, cyberattacks, or major supply disruptions. Like a spare tire and roadmap for a car, they reduce downtime and financial loss, protect customer trust, and help management recover faster—factors that directly affect revenue stability, regulatory exposure, and long-term investor value.
Regulation FD Disclosure regulatory
"Item 7.01 Regulation FD Disclosure. A copy of the Company’s statement on its website"
Regulation FD disclosure requires public companies to share important, market-moving information with everyone at the same time instead of tipping off analysts or large investors first. Think of it as making sure all players on a field hear the same announcement simultaneously; that fairness helps investors trust that stock prices reflect the same information and reduces the risk of sudden, unfair trading advantages or regulatory penalties for selective leaks.
forward-looking statements regulatory
"contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995"
Forward-looking statements are predictions or plans that companies share about what they expect to happen in the future, like estimating sales or profits. They matter because they help investors understand a company's outlook, but since they are based on guesses and assumptions, they can sometimes be wrong.
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 or 15(d) of The Securities Exchange Act of 1934
Date of Report (Date of earliest event reported) – May 7, 2026
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation) | (Commission File Number) | (IRS Employer Identification No.) | ||||||||||||
(Address of principal executive offices) | (Zip Code) | |||||||||||||
Registrant’s telephone number, including area code: 610 -594-2900
Not Applicable | ||
(Former name or address, if changed since last report.) | ||
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below):
Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) | |||||
Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) | |||||
Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) | |||||
Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) | |||||
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading Symbol | Name of each exchange on which registered | ||||||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
1
Item 1.05 Material Cybersecurity Incidents.
On May 7, 2026, West Pharmaceutical Services, Inc. (the “Company”) determined that the Company has experienced a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted. Upon initial detection of an intrusion on May 4, 2026, the Company promptly activated its incident response protocols, including proactively taking systems offline globally for containment purposes, notifying law enforcement, and engaging external cyber-forensic experts. The Company’s investigation into the nature and scope of the incident remains ongoing, including the extent of the data affected. The Company has taken steps intended to mitigate the risk of dissemination of the exfiltrated data.
The incident and the Company’s proactive response have temporarily disrupted the Company’s business operations globally. While the Company has restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at some sites with restoration of the remaining sites in process, the timeline for a complete restoration has not yet been finalized.
The incident’s material impact on the Company’s financial condition and results of operations, if any, has not been determined at the time of filing.
Forward-Looking Statements
This Current Report on Form 8-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding the Company's expectations regarding future events, actions or performance related to the cybersecurity incident, including the results of the Company’s ongoing investigation thereof and the impact of the cybersecurity incident on the Company, and its financial or operational performance. Forward-looking statements may be identified by words such as "believe," "expect," "intend," "estimate," "plan," "anticipate," "project," "forecast," "guidance," "target," "may," "will," "continue" and similar expressions.
These statements are based on current expectations and assumptions and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied by such forward-looking statements. For additional information regarding these risks as well as other risks, uncertainties and factors that could affect our forward-looking statements, please refer to Part I Item 1A, entitled "Risk Factors," of the Company's most recent Annual Report on Form 10-K and any amendments thereto, as well as the Company's most recently filed Quarterly Reports on Form 10-Q and other filings the Company makes with the Securities and Exchange Commission.
Forward-looking statements speak only as of the date of this Current Report on Form 8-K. Except as required by law or regulation, West Pharmaceutical Services, Inc. undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.
Item 7.01 Regulation FD Disclosure.
A copy of the Company’s statement on its website regarding this matter is furnished as Exhibit 99.1 to this report and is incorporated into this Item 7.01 by reference thereto.
The information in this Item 7.01 of this Current Report on Form 8-K, including the exhibit furnished pursuant to Item 99.1, shall not be deemed “filed” for the purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) or otherwise subject to the liabilities under that Section. Furthermore, the information in this Item 7.01 of this Current Report on Form 8-K, including the exhibit furnished pursuant to Item 99.1, shall not be deemed to be incorporated by reference into the filings of the Company under the Securities Act of 1933, as amended, or the Exchange Act, regardless of any general incorporation language contained in such filing.
Item 9.01 Financial Statements and Exhibits.
(d) | Exhibit No. | Description | ||||||
| 99.1 | West Pharmaceutical Services, Inc. Company Website Statement, dated May 11, 2026 (furnished, not filed). | |||||||
| 104 | The cover page from the Company’s Current Report on Form 8-K, dated May 7, 2026, formatted in Inline XBRL. | |||||||
2
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Date: May 11, 2026 | WEST PHARMACEUTICAL SERVICES, INC. | ||||
| By: | /s/ Norman D. Finch Jr. | ||||
| Norman D. Finch Jr. | |||||
Senior Vice President, General Counsel and Corporate Secretary | |||||
3
EXHIBIT INDEX
Exhibit No. | Description | |||||||
99.1 | West Pharmaceutical Services, Inc. Company Website Statement, dated May 11, 2026 (furnished, not filed). | |||||||
104 | The cover page from the Company’s Current Report on Form 8-K, dated May 7, 2026, formatted in Inline XBRL. | |||||||
4
West is committed to providing timely and transparent communication to all stakeholders regarding the recent cyberattack on its network systems. Following initial detection of an intrusion on May 4, 2026, West Pharmaceutical Services promptly implemented a series of technical and organizational measures to contain and mitigate the potential impact. This included the proactive shutdown and isolation of affected on- premise infrastructure for containment purposes, restriction of access to enterprise systems, and activation of further incident response and crisis management protocols, including notifying law enforcement. West also engaged Palo Alto Networks’ Unit 42, a leading threat intelligence and incident response team, to support the Company’s investigation, containment, and recovery efforts, in coordination with other external experts and legal counsel. The incident and the Company’s proactive response have temporarily disrupted the Company’s business operations globally. While the Company has restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at some sites with restoration of the remaining sites in process, the timeline for a complete restoration has not yet been finalized. West is leveraging its business continuity plans and working with our customers to mitigate risk and minimize delays wherever possible. We will continue to provide timely updates as additional information becomes available. Last Updated May 11, 2026 Cyberattack Update
FAQ
What happened in the West Pharmaceutical Services (WST) cyberattack disclosed in May 2026?
West Pharmaceutical Services experienced a material cybersecurity attack where certain data was exfiltrated and some systems were encrypted. The company took systems offline globally, activated incident response protocols, involved law enforcement, and engaged external cyber‑forensic experts to investigate, contain, and remediate the incident.
How has the May 2026 cyberattack affected West Pharmaceutical (WST) operations?
The attack and response measures have temporarily disrupted business operations globally. West reports its core enterprise systems are restored, and shipping, receiving, and manufacturing have restarted at some sites, while work continues to fully restore remaining locations and normal operating capacity.
Has West Pharmaceutical (WST) determined the financial impact of the cyberattack?
West states that the incident’s material impact on financial condition and results has not been determined at the time of disclosure. The company is still investigating the nature and scope of the attack, including the extent of affected data and operational consequences.
What steps did West Pharmaceutical (WST) take after detecting the cyber intrusion?
After detecting the intrusion on May 4, 2026, West shut down and isolated affected on‑premise infrastructure, restricted access to enterprise systems, activated incident response and crisis management protocols, notified law enforcement, and engaged Palo Alto Networks’ Unit 42 and other external experts for investigation and recovery.
Is West Pharmaceutical (WST) working to limit misuse of exfiltrated data from the cyberattack?
Yes. West reports it has taken steps to mitigate the risk of dissemination of exfiltrated data. While details are not specified, these actions accompany its broader investigation, containment, and recovery efforts following the material cybersecurity incident on its network systems.
Where can investors find more information about West Pharmaceutical’s (WST) cyber incident?
West furnished a website statement as Exhibit 99.1 in its Form 8‑K, incorporated into the Regulation FD disclosure section. That statement, dated May 11, 2026, provides additional narrative on the cyberattack, response measures, system restoration progress, and planned future updates.