A collection of hackers have moved to publish Pfizer’s stolen COVID-19 vaccine data online, with the European Medicines Agency (EMA) confirming that some of the stolen data has been leaked online.
We reported in early December that hackers had managed to unlawfully access vaccine data in a cyber attack launched against the EMA.
In that hack, cyber threat actors were able to access documents and regulatory submissions from Pfizer and BioNTech, developers of a COVID-19 vaccine.
Moving to the present day, the EMA has issued a statement saying that while hackers have moved to publish some of Pfizer’s stolen COVID-19 vaccine data online, their core systems and the timeline for vaccine approvals remains unchanged by the data leak.
The EMA has issued a statement saying that “the ongoing investigation of the cyberattack on the EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.”
The EMA added that it intends to pursue a criminal investigation and charges against the hackers responsible for publishing stolen COVID-19 vaccine data online.
So far, the EMA has launched a joint investigation into the hack alongside cyber intelligence agencies and law enforcement.
The agency continued to explain that “the agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access.”
Cyber attacks and hacking campaigns against regulators, health departments and vaccine developers have been widespread and vicious over the past ten months. Due to the sensitive and valuable nature of the datasets, high-profile hacking collectives and even nation-states have launched cyber attacks against developers of COVID-19 vaccines.
According to a report from BleepingComputer, “sources in the cybersecurity intelligence community have [said] that the leaked stolen data includes email screenshots, EMA peer review comments, Word documents, PDFs and PowerPoint presentations.”
Developers of the COVID-19 vaccine, Pfizer and BioNTech released a joint statement in December saying that “today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
Since the disclosure, the EMA has released updates saying that hackers were only able to access a relatively small amount of data. The agency added that the data breach was “limited to a single application with the attackers primarily targeting data related to COVID-19 medicines and vaccines.”