On May 14, 2024, Alexion Pharmaceuticals (“Alexion”) filed a notice of data breach with the Attorney General of Vermont after discovering that a vendor used by the company experienced a data security incident. In this notice, Cisiv explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their name, address, email address, and phone number, as well as information regarding surveys taken regarding Alexion’s products. Upon completing its investigation, Cisiv began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Cisiv, Ltd. about information you provided to Alexion Pharmaceuticals, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Cisiv / Alexion Pharmaceuticals data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Alexion Pharmaceuticals Survey Participants?

The Cisiv / Alexion Pharmaceuticals data breach was only recently announced, and more information is expected in the near future. However, Cisiv’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, on February 8, 2024, an unauthorized party gained access to a database Alexion uses to support its Risk Evaluation and Mitigation Strategy (“REMS”) Program. The breached vendor, Cisiv, served as a subcontractor to another vendor, PPD, that Alexion had engaged to handle the REMS database. Neither Alexion’s nor PPD’s computer systems were breached as a result of the incident.

Cisiv first learned about the incident on February 12, 2024, at which point Cisiv secured its systems and then launched an investigation with the help of third-party data security experts. This investigation ultimately confirmed that an unauthorized party was able to access the REMS database, which contained sensitive participant information.

After learning that sensitive consumer data was accessible to an unauthorized party, Cisiv reviewed the compromised files to determine what information was leaked and which consumers were impacted. Cisiv completed this process on April 16, 2024. While the breached information varies depending on the individual, it may include your name, address, email address, and phone number, as well as the fact that you participated in a survey related to one of Alexion’s products.

On May 14, 2024, Cisiv sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Cisiv, Ltd.

Cisiv, Ltd. is a technology and software company headquartered in New Malden, United Kingdom. Cisiv develops a platform designed for late phase research in the pharmaceutical industry. Cisiv supports pharmaceutical companies by developing software systems that capture and analyze data. Cisiv employs more than 76 people and generates approximately $9 million in annual revenue.