Cencora Data Breach Class Action Lawsuit Investigation

Over 500,000 patients’ data was stolen by hackers in a massive cyberattack on pharmaceutical giant Cencora.

Receive a data breach notice from Cencora?

Your personal information may have been leaked.

loading...

What is the Cencora data breach?

On February 21, 2024, Cencora disclosed in an SEC filing that it “learned that data from its information systems had been exfiltrated, some of which may contain personal information.”

About the Cencora Data Breach Lawsuit

Cencora has since been hit with numerous lawsuits that accuse the pharmaceutical distributor of failing to implement sufficient cybersecurity measures and failing to notify patients in a timely manner, according to Bloomberg.

Gibbs Law Group is seeking compensation for the data breach victims and demanding that Cencora fix its apparently ineffective information security systems to protect the data from future data breaches.

Our data breach lawyers are currently providing free consultations for individuals around the country whose personal health information may be at risk.

Cencora data exfiltration: notices sent to patients

On May 17, three months after the breach, Cencora began sending out letters to people whose information was stolen.

The notice states that the following personal information may have been “exfiltrated” from their systems:

  • names
  • addresses
  • health diagnoses
  • prescriptions

CPO Magazine reports that while the exact number of impacted individuals is unknown, at least 540,000 individuals have been notified thus far.

Companies included in the Cencora cybersecurity breach

According to CPO Magazine and SC Media, at least 15 pharmaceutical companies have sent out breach notifications linked to the Cencora cyberattack, including:

  • Bayer
  • GlaxoSmithKline Group of Companie
  • Novartis Pharmaceuticals
  • Bristol Myers Squibb
  • AbbVie
  • Genentech
  • Sumitomo Pharma America
  • Regeneron Pharmaceuticals
  • Incyte

Our attorneys' leadership in data breach litigation

Gibbs Law Group partner David Berger has represented consumers in some of the largest and most influential privacy and data breach cases in the country and has repeatedly obtained record-setting settlements.  He frequently speaks at conferences on data breach cases and other class action topics. David is a former Chair of the American Association for Justice’s Consumer Privacy and Data Breach Litigation Group.

About Us

Gibbs Law Group is a California-based law firm committed to protecting the rights of clients nationwide who have been harmed by corporate misconduct. We represent individuals, whistleblowers, employees, and small businesses across the U.S. against the world’s largest corporations. Our award-winning lawyers have achieved landmark recoveries and over a billion dollars for our clients in high-stakes class action and individual cases involving consumer protection, data breach, digital privacy, and federal and California employment lawsuits. Our attorneys have received numerous honors for their work, including “Top Plaintiff Lawyers in California,” “Top Class Action Attorneys Under 40,” “Consumer Protection MVP,” “Best Lawyers in America,” and “Top Cybersecurity/ Privacy Attorneys Under 40.”

titan of plaintiffs bar award
best law firm ranking
chambers USA leading firms award
daily journal top plaintiff lawyers award

Attorneys

David Berger

David represents consumers in data breach, privacy, and financial services litigation. He has prosecuted some of the largest privacy cases nationwide.

View full profile

Linda Lam

Linda focuses her practice on representing consumers, small businesses, and employees in complex litigation.

View full profile

Eric Gibbs

A founding partner at the firm, Eric has negotiated groundbreaking settlements that favorably shaped laws and resulted in business practice reforms.

View full profile

Other data breach lawsuits and investigations: