On May 14, 2024, Alexion Pharmaceuticals disclosed a data breach involving its vendor Cisiv, Ltd., affecting sensitive information of individuals who participated in surveys regarding Alexion’s products. The breach was reported to the Attorney General of Vermont, detailing that the compromised data includes names, addresses, email addresses, phone numbers, and survey responses.
The security incident occurred on February 8, 2024, when an unauthorized party gained access to a database used by Alexion’s Risk Evaluation and Mitigation Strategy (REMS) Program. Cisiv, a subcontractor for PPD, which Alexion had engaged to manage the REMS database, was directly affected by the breach. The systems of Alexion and PPD were not compromised.
Cisiv became aware of the breach on February 12, 2024, promptly securing its systems and launching an investigation with the assistance of third-party data security experts. The investigation confirmed that sensitive information had been accessed by the unauthorized party. By April 16, 2024, Cisiv completed its review of the compromised files, identifying the impacted individuals.
Notification letters were sent out by Cisiv on May 14, 2024, to all affected individuals, informing them of the specific data compromised in the breach. For those receiving a notification, it is important to understand the risks and take steps to protect against potential identity theft or fraud. Legal counsel can provide guidance on how to safeguard personal information and explore legal options following the breach.
Cisiv is a technology and software company based in New Malden, United Kingdom, specializing in platforms for late-phase pharmaceutical research. The company supports pharmaceutical companies by developing software systems for data capture and analysis. Cisiv employs over 76 people and generates approximately $9 million in annual revenue.
