Cyber Attackers Leaked Covid-19 Vaccine Data After EU Hack
Caught up in the hack were some documents submitted by Pfizer Inc. and BioNTech SE during regulatory review of their vaccine.
(Bloomberg) -- Hackers posted confidential documents regarding Covid-19 medicines and vaccines on the internet after a data breach late last year at the European Medicines Agency.
Timelines related to evaluating and approving Covid medicines and vaccines haven’t been affected, the EMA said in a statement on Tuesday. The agency said it remains fully functional and that law enforcement authorities are taking action on the breach.
Caught up in the hack were some documents submitted by Pfizer Inc. and BioNTech SE during regulatory review of their vaccine, approved last month. The EMA said it would notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access.
Pfizer shares fell 2.2% in New York, with BioNTech’s American depositary receipts down 5.1%.
The EMA’s update on the breach came after an Italian cybersecurity firm, Yarix, said it found hacked documents related to the Pfizer-BioNTech vaccine’s authorization and commercial processes on the so-called dark web.
An attacker released a blog post there that contained files from the EMA, including confidential email messages related to vaccine production and marketing, Yarix Chief Executive Officer Mirko Gatto said in an interview. Screen shots and documents in the post referenced an EMA secure communications portal that’s reserved for authorized personnel, Gatto said.
Yarix reported the matter to the Italian authorities, the CEO said, but it’s not working directly with the EMA. The agency didn’t immediately respond to a request for comment on the firm’s disclosures.
Pfizer and BioNTech said last month that some documents they submitted to the EMA were accessed in the hack. The companies said that none of their systems had been breached.
A Pfizer spokesman declined to comment beyond the initial statement in December. A BioNTech representative didn’t immediately respond to requests for comment.
The EMA signed off on a second vaccine, from Moderna Inc., earlier this month. Currently under review is a third vaccine, developed by AstraZeneca Plc and the University of Oxford. The regulator has said its drugs advisory panel could issue an opinion on that shot by Jan. 29.
The EMA is also conducting a rolling review of a potential vaccine from Johnson & Johnson, though a decision on that shot is further off because a large late-stage trial hasn’t yielded results yet.
Since the pandemic began, hackers aligned with governments including Russia and China have been accused of targeting companies and research institutions.
Cybersecurity researchers at International Business Machines Corp. disclosed that unknown hackers were targeting companies and government agencies involved in vaccine distribution. Microsoft Corp. said hackers in Russia and North Korea had targeted seven “prominent” companies working on vaccines and treatment research.
©2021 Bloomberg L.P.