Cybercriminals leak Pfizer documents related to COVID-19 vaccine

In a security alert, the European Medicines Agency (EMA) revealed that some details about the coronavirus vaccine developed by Pfizer/BioNTech were exposed online. EMA is a decentralized agency responsible for approving COVID-19 vaccines and medical treatments, as well as evaluating any new medicines distributed in the European Union.

EMA researchers revealed that some of the documents presented during the incident are related to vaccines and medicines used to treat COVID-19: “The authorities are taking the necessary steps to mitigate the risks associated with the leaking,” they add.

The Agency assured it will to continue to support law enforcement agencies during the investigation, and users and organizations whose documents may have been exposed will be notified. Experts emphasized the fact that Europe’s health authorities maintain their operations on a regular basis, so deadlines for the evaluation and approval of upcoming vaccines will not be affected.

Apparently it all started late last year, when a group of researchers detected a dark web post related to information related to EMA’s work. The following screenshot shows a sample of these leaks posted on a dark web forum.

Some members of the cybersecurity community claim that the compromised data includes screenshots of emails, EMA opinions, internal documents, and PowerPoint presentations. From December 2020 EMA began investigating these leaks in collaboration with European research agencies.

Soon after, Pfizer and BioNTech revealed that the threat actors behind this incident accessed some of the COVID-19 documents submitted to EMA: “We have been informed that the Agency was the subject of a cyberattack that compromised some of our coVID-19 vaccine documents,” pharmaceutical companies said.

The Agency also found that this leak was limited to a single application, as threat actors focused primarily on data related to COVID-19 drugs and vaccines. The rest of the agency’s information systems are completely safe.