---
schema_version: "secwatch.filing_event.v1"
accession: "0001104659-24-084351"
form_type: "8-K/A"
ticker: "COR"
cik: "0001140859"
company_name: "Cencora, Inc."
filed_at: "2024-07-31T23:59:59+00:00"
generated_at: "2026-05-31T14:16:06.526281+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.6
calibrated_materiality_score: 0.6
confidence: "high"
source: SEC EDGAR
---

# Cencora confirms PII/PHI exfiltration in Feb 2024 cyber incident; notifications ongoing

## Summary
- Exfiltrated data includes personally identifiable and protected health information, most from patient support subsidiary.
- Notifications have been sent to affected individuals and regulatory agencies; data review continues.
- No evidence data has been or will be publicly disclosed; containment and remediation are ongoing.
- Incident has not materially impacted operations or financial condition, per company.

## SEC filing metadata
- accession: 0001104659-24-084351
- form_type: 8-K/A
- ticker: COR
- cik: 0001140859
- company_name: Cencora, Inc.
- filed_at: 2024-07-31T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.6
- calibrated_materiality_score: 0.6
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1140859/000110465924084351/0001104659-24-084351-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1140859/000110465924084351/tm2420501d1_8ka.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001104659-24-084351
- JSON: https://secwatch.observer/filing/0001104659-24-084351.json
- Plain text: https://secwatch.observer/filing/0001104659-24-084351.txt

## Key facts
- Cybersecurity Incidents
  Cencora, Inc. disclosed a cybersecurity incident: data exfiltration from information systems, including personally identifiable information and protected health information. Impact: no material impact on operations or financial condition. Company determined it not material. Discovered 2024-02-21.
  - Nature: data exfiltration from information systems, including personally identifiable information and protected health information
  - Impact: no material impact on operations or financial condition
  - Materiality: not material
  - Discovery: 2024-02-21
  source text: The incident has not had a material impact on the Company’s operations, and its information systems have continued to be fully operational. The Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
  evidence_url: https://www.sec.gov/Archives/edgar/data/1140859/000110465924084351/0001104659-24-084351-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.
