2020-08-07 IMMUNIC, INC. Cybersecurity Incident

Page last updated on April 11, 2024

IMMUNIC, INC. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-08-07 20:44:37 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2020-07-31
Disclosure Date: 2020-08-07
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2020-08-07

IMMUNIC, INC. filed an 8-K at 2020-08-07 20:44:37 EDT
Accession Number: 0001193805-20-000975

Item 8.01 Other Events.

Updated Risk Factor

The Company is supplementing the risk factors contained in its Annual Report on Form 10-K for the fiscal year ended December 31, 2019, filed with the SEC on March 16, 2020 and Part II, Item 1A of its Form 10-Q/A filed with the SEC on August 3, 2020, with the following risk factor.

Our internal computer systems and physical premises, or those of our strategic collaborators or other contractors or consultants are susceptible to failure and we have experienced a security breach, which could result in a material disruption of our product development programs and our manufacturing operations.

Our internal computer systems and those of our current and any future strategic collaborators, vendors, and other contractors or consultants are vulnerable to damage from computer viruses, unauthorized access, natural disasters, terrorism, cybersecurity threats, war and telecommunication and electrical failures. We may experience cyber-attacks on our information technology systems by threat actors of all types (including but not limited to nation states, organized crime, other criminal enterprises, individual actors and/or advanced persistent threat groups). In addition, we may experience intrusions on our physical premises by any of these threat actors. If any such cyber-attack or physical intrusion were to cause interruptions in our operations, such as a material disruption of our development programs or our manufacturing operations, whether due to a loss of our trade secrets or other proprietary information, it would have a material and adverse effect on us. For example, the loss of clinical trial data from one or more ongoing or completed or future clinical trials could result in delays in our regulatory approval efforts, significantly increase our costs to recover or reproduce the data and expose us to liability. In addition, if we were to run multiple clinical trials in parallel, any breach of our computer systems or physical premises could result in a loss of data or compromised data integrity across more than one of our programs in different stages of development. Any such breach, loss, or compromise of clinical trial participant personal data may also subject us to civil fines and penalties or claims for damages, either under the General Data Protection Regulation and relevant member state law in the European Union, other foreign laws, and the federal Health Insurance Portability and Accountability Act of 1996, and other relevant state and federal privacy laws in the United States including the California Consumer Privacy Act. On May 13, 2020, the Federal Bureau of Investigation (“FBI”) and Cybersecurity and Infrastructure Security Agency announced that the FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by People’s Republic of China-affiliated cyber actors. To the extent that any disruption or security breach were to result in a loss of, or damage to, our data or applications, or inappropriate disclosure of confidential or proprietary information, including but not limited to information related to our IMU-838 product candidate, we could incur liability, our competitive and reputational position could be harmed, and the further development and commercialization of our investigational medicines could be delayed. On July 31, 2020 we discovered that an email account at the Company was subject to attempted unauthorized access for a period of up to 24 hours and we have hired an investigator to ascertain what, if any, Company or patient information was impacted. We do not currently believe any confidential or proprietary information was compromised and have taken steps to prevent unauthorized action in the future such as implementing two factor authentication for our email accounts. While we believe that our insurance policies include liability coverage for security breaches, we could be subject to indemnity claims or other damages that exceed our insurance coverage. In addition, our investigation of our recent security breach is in its early stages and we cannot be certain about the scope of the breach or the confidential or proprietary information that was compromised. As a result, the ramifications of the security breach remain uncertain and the security breach could have a material adverse effect on our business, financial condition, results of operations and prospects, as well as cause a decline in the trading price of our common stock.

Company Information