ExecuPharm is a pharmaceutical provider for two of the top five providers in the world. “Known for a lean, agile approach, ExecuPharm has earned its best-in-class reputation,” says the company site. “We’re the primary provider for two of the top five biopharma companies. And we lead the industry in staff retention and customer satisfaction.”
The breach was a string of phishing attacks sent to ExecuPharm employees. In a notification letter to the Office of the Vermont Attorney General, ExecuPharm warned customers about what data was involved and what the company was doing. It then offered free credit monitoring for the victims.
The breach occurred when one of the employees that received the phishing email mistakenly offered personal data that allowed the hacker access to some of ExecuPharms’s systems. “Upon a thorough investigation, ExecuPharm determined that the individuals behind the encryption and the sending of these emails may have accessed and/or shared select personal information relating to ExecuPharm personnel,” read the notification, “as well as personal information relating to Parexel personnel, whose information was stored on ExecuPharm’s data network.” Parexel is ExecuPharm’s parent company.
This breach occurred in 2020.
The breach affects specific customers of ExecuPharms. This likely includes customers of the companies that the company provided services to.
The breach affected an unknown number of files. ExecuPharm sent all customers affected by the breach notification letters, but the company did not disclose the exact number of victims or compromised files.