The leaked vaccine data is now circulating on hacker forums including Russian-speaking ones.
The European Medicines Agency (EMA) reported that the Pfizer/BioNTech COVID-19 vaccine data was stolen during a cyber-attack. The attack occurred on December 19th, 2020.
It is worth noting that in December last year, the agency confirmed that threat actors broke into its server and stole documents related to the COVID-19 vaccine.
COVID-19 Vaccine Data Stolen
Hackread.com can confirm that some of the documents were related to the companies’ regulatory submissions of the BNT16262 vaccine, stored on the organization’s server. Shortly after the attack, the hackers leaked the stolen data as part of a cyberattack targeted against the EMA.
How it was Discovered
The leak was uncovered while the EMA launched an investigation into the attack in collaboration with law enforcement. The agency claimed that the stolen data was discovered on different hacking forums by December 31st, 2020. On 13th January 2021, the EMA stated that authorities are looking into this matter.
“The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities,” the EMA’s statement read.
Details of the Attack
The EMA didn’t disclose the attack’s specifics, such as the timeframe, the original point of compromise, and the data accessed. In an update issued on Tuesday, the EMA stated that it would continue to inform individuals and ‘additional entities’ associated with the stolen documents and data that may have been subjected to unauthorized access.
EMA Networks are Still Functional
European Union’s medical agency, EMA, has confirmed that its networks are fully functional, and the timelines of the assessment and approval of the vaccines won’t be affected. In fact, the BNT162b2 vaccine is already rolled out in the UK and will soon be available in other countries after approval.
It is worth noting that European drug regulatory bodies received vaccine approval requests from Pfizer and BioNTech on December 1st, 2020.
Pfizer and BioNTech Response
A Pfizer spokesperson stated that BioNTech or Pfizer’s systems weren’t breached in this incident, and they didn’t find any evidence of personal data being accessed as yet.
“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with E.U. law…”
Pfizer and BioNTech released a joint statement to disclose the nature of the breach.
“Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
What is EMA?
It is a decentralized agency that evaluates, monitors, and supervises new medicines that the EU is about to introduce. The agency is responsible for approving any COVID-19 vaccine before it is distributed.