The documents related to COVID-19 vaccine and medications were stolen from the EU’s medicines agency last month

The European Medicines Agency (EMA), which evaluates and approves medicines for the European Union (EU), has disclosed that cybercriminals have posted online a portion of the documents that are related to COVID-19 vaccines and were stolen in a cyberattack last month.

“The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities,” reads the EMA’s press release. However, the agency added that its systems are fully functional and the approval and evaluation timelines for the vaccines haven’t been derailed.

The agency, based in the Netherlands, first disclosed on December 9th, 2020 that it had suffered a cyber incident of unknown origin. The subsequent probe found that several documents belonging to third parties, presumably those belonging to companies working on the vaccines, had been illegally accessed.

Per the investigation, the data breach was limited to one IT application, with the threat actors directly targeting information involving COVID-19 medicines and vaccines. According to BleepingComputer, the data trove included “email screenshots, EMA peer review comments, Word documents, PDFs, and PowerPoint presentations”. The affected companies were notified about the incident in due course.

Following the disclosure of the attack, the pharmaceutical companies BioNTech and Pfizer revealed that they were among those whose documents were accessed. The companies, which partnered to develop and test a COVID-19 vaccine, have issued a joint statement addressing the breach:

“Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed. It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed.”

Unfortunately, this may not be the last time we hear about cyberattacks and fraud attempts concerning COVID-19 vaccines and medication. In the run-up to New Year’s Eve, law enforcement authorities from around the world have been sounding the alarm about cybercriminals and fraudsters attempting to cash in on the vaccine rollout.

The US Department of Treasury is one of the latest agencies to have issued a stark warning about criminals’ attempts to exploit the rollout of the COVID-19 vaccines, including by falsely offering people to help them jump the line. Keep in mind that any such offers are fraudulent, and not only because  most countries have a vaccination strategy that prioritizes high-risk groups and medical professionals; indeed, trying to jump the queue may lead to stern fines. If you encounter similar offers or offers to buy a vaccine, it is most certainly a scam – just like any of the various coronavirus-themed scams that began to do the rounds soon after the pandemic began.