Hackers Expose Data Stolen During the Cyberattack on the European Medicines Agency

A cyberattack on the European Medicines Agency (EMA) last December allowed hackers to access third party files. A number of the data stolen during the cyberattack were leaked on the internet.

The EMA is the organization in charge of regulating the testing and approvals of COVID-19 vaccines, treatment methods, and research in the European Union. The EMA had earlier released an update about its investigation of the cyberattack and stated that just one IT program was breached. The EMA mentioned it has notified all third parties regarding the attack, though it did not name those organizations. In the investigation updates, the EMA stated the main intention of the attackers was to access COVID-19 treatment and vaccine data. Although it was apparent that the attackers had accessed documents, the EMA merely affirmed that the exfiltration of data.

Before the cyberattack, BioNTech and Pfizer sent their vaccine information to the EMA to move through the approval process. But the hackers accessed the server containing the documents submitted by Pfizer and BioNTech. Pfizer and BioNTech gave a joint declaration in December affirming the unauthorized access of documents associated with their BNT162b2 vaccine. Moderna has likewise reported receiving the notification from EMA that hackers accessed the information corresponding to its mRNA-1273 COVID-19 vaccine candidate.

In the January 12, 2021 update, the EMA affirmed that the attackers exfiltrated data and a number of the documents that were accessed unlawfully related to COVID-19 remedies and were exposed online.

Neither the EMA, BioNTech, nor Pfizer have revealed which documents were exposed or what data were exposed to the public; nonetheless, Bleeping Computer said the information stolen during the attack were posted on a number of hacking forums. A number of sources in the cybersecurity intelligence community had affirmed that the exposed information contained peer review information, screenshots of emails, and a number of PDF files, Word docs, and PowerPoint slides.

EMA still gives full support to the criminal investigation of the data breach. It is ready to notify other entities and persons who had their documents and personal information accessed unlawfully. The law enforcement agencies are helping to take down and protect the exposed information and identify the people behind the attack. It is presently uncertain who was liable for the cyberattack and whether a nation-state was involved.

The attack investigation is still ongoing, however, the EMA stated that the time frame for reviewing and processing approvals for the vaccines won’t be affected.