Posted on January 14, 2021 at 2:33 PM
A recent report reveals that threat actors have exposed the information relating to COVID-19 vaccines they stole from the European Union’s medical agency (EMA). The hackers released the confidential data over the internet for public view.
However, timelines about approving and evaluating the COVID-19 vaccine were not affected by the exposure, according to EMA.
The agency has pointed out that the incident didn’t affect its operational capacity, as it remains fully functional. EMA also noted that it had informed law enforcement and investigation about the breach is already ongoing. The details leaked include BioNTech and Pfizer COVID-19 vaccine data.
Attacks coming as vaccines are rolled out to the world
He added that the company’s focus has always been to stay in close relationship with governments and regulators around the globe to make sure the COVID-19 vaccine is safely delivered to people around the world. The company said the end goal is to improve people’s health and help send COVID-19 out of the world.
This data leak is coming as the COVID-19 vaccine is being rolled out massively in the world. The information about the vaccine development method can be utilized by threat actors in various capacities, including financial cyberattacks and cyber espionage.
But this time, the threat actors decided to reveal the information over the internet for the public. According to the vice president at New Net Technologies Dirk Schrader, one reason behind their decision to release the data online could be to crease misinformation. It could also be about gaining reputation and fame in the darknet, he added.
Hackers accessed COVID-19 vaccine submission data
EMA is the European Union agency that evaluates and supervises medical products in the EU. It performs similar roles as the FDA in the U.S.
Last month, the agency reported that some hackers compromised its server and state data about the COVID-19 vaccine from BioNTech and Pfizer.
According to the report then, the threat actors had access to the regulatory submission for COVID-19 vaccine candidate BNT162b2, which was stored on the EMA server.
The investigation of the hacking incident is still ongoing before the latest development. The report revealed that some of the breached data from the EMA server have been leaked on the internet.
The breach didn’t affect any system
The EMA didn’t disclose any specific details about the cyberattack in December. It also did not disclose what specific data was accessed or the initial point of compromise on the server. However, the agency said it has been notifying those whose personal data and documents may have been accessed by the threat actors.
The BNT162b2 COVID-19 vaccine has been released across the UK, while it’s about to get approved and released in other countries. Both BioNTech and Pfizer submitted their COVID-19 vaccine approval request to the EMA on December 1.
BioNTech and Pfizer said although the files and data they submitted to the EMA were breached last month, none of their systems or servers was affected.
When BioNTech was contacted for further comments about the recent incident, the company declined to comment. Also, a Pfizer spokesperson refused to make any further comment beyond the report that has been made public by the company.
After the earlier vaccine submission by both BioNTech and Pfizer, the EMA approved another vaccine earlier in the month from Moderna Inc. Another vaccine developed by the University of Oxford and AstraZeneca Plc is under review. EMA said it may have a reply for approval on the third vaccine by January 29.
The agency also has another potential vaccine review from Johnson & Johnson. However, it may take a little time to decide on that option because it hasn’t been tested properly on an extensive scale.
Since the start of the COVID-19 pandemic and the rush by companies to produce its vaccine, some state-backed hackers, especially from China and Russia, have targeted medical and research institutions involved in the Vaccine development.
“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident,” a Pfizer spokesperson revealed.
He added that the company will not be taking any further action until EMA concludes its investigation over the breach and data leak. The spokesperson said after then, Pfizer will take appropriate actions under E.U. law.