A Bug in the Lab

How hackers stole data from my biotech startup by infiltrating a global R&D contractor

I was on an island in Vietnam when I got the alert from the CEO of Charles River Labs, the world’s top R&D contractor: “highly sophisticated and well-resourced intruders” had stolen data from 1% of its clients — including my biotech startup, Nivien Therapeutics.

Charles River is a natural target: it handles data from startups like Nivien to giants like Pfizer, which enlist contractors for specialized expertise, capital-intensive infrastructure and experiments that exceed in-house bandwidth.

We worked with several contractors at Nivien: on animal studies, chemical screens, assay development and optimization of our therapeutic candidates. The data and IP from these contracts are the solid gold of biomedical R&D.

The cyberattack exposed the identity of our therapeutic target and potentially valuable structure-activity relationship (SAR) data: how the structures of our molecules affect their function — and therefore their therapeutic application.

Were we still in business, the breach may have jeopardized our endeavor.

However, I’d already disclosed our target in an essay in The Washington Post about ending Nivien after a go/no-go decision point…