Earlier in December 2020, the European Medicines Agency had reported a cyberattack that was targeted towards the COVID-19 vaccination data, which was submitted to the EU drugs regulator for emergency approval. EMA stated, “A limited number of documents belonging to third parties were unlawfully accessed.” However, the investigation was ongoing and in the latest update, EMA has notified that a certain set of documents breached during the cyberattack have now been leaked online on the dark web forums, potentially for sale.
The Breach Victims – Pfizer and BioNTech
In the official statement given by the EMA, it did not mention the third parties whose data was breached in the cyberattack but said: “The concerned companies have been informed.” However, a day later, Pfizer and BioNTech, in a joint statement, stated that EMA did inform them about the breach and alerted them of an “unlawful access” to their regulatory submission documents stored on EMA’s server. Back then, the drug manufacturer had said that no personal data of the participants taking part in the vaccine trial was compromised in the cyberattack.
EMA Admits Data Leak
Ever since the cyberattack took place in December 2020, EMA has been on the lookout for any markers and has thoroughly been investigating the extent of the leak. But Italian cybersecurity firm, Yarix, has now broken the news that the data leaked during the cyberattack was put on sale on the dark web.
The cyber intelligence team at Yarix has found the following piece of information:
- The post entitled “Astonishing fraud! Evil Pfffizer! Fake vaccines!” was first published on a well-known underground forum on December 30, 2020, at 7:30 pm. (This was subsequently removed by the forum directors).
- In addition to the link to download the leaked documents (which no longer is available), the post refers to a thread posted in another forum, which is published in the Russian language.
- Having been removed, the post was re-posted at 15:25 hrs and to date is available on the dark web forum with new links and search files.
- The leaked files are contained in a zip folder called “EMA_LEAKS.zip.” The total data is worth 4MB and has two archives and a text file, which has the zip files extraction password.
- The two archives individually contain confidential documents divided into five folders and 50 files. The material in these files has references of the staff from EMA, Pfizer-BioNTech, and the European Commission.
- It has extracts of confidential conversations between EMA staff and members of the European Commission, relating to the vaccine production, validation, and marketing process.
- Additionally, the cybercriminal who has leaked the information has provided several screenshots and PDF documents that refer to EMA’s Eudralink portal, which is used for internal secure communications.
Yarix, however, stated, “There are no certain elements that allow confirming that the data recovered is only a part of the leak or if it actually includes all the data stolen in the breach. On the other hand, the intention behind the leak by cybercriminals is certain: that of causing significant damage to the reputation and credibility of EMA and Pfizer.”
Based on these new findings, EMA also stated,
Some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities. The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access.
Rolling out the COVID-19 vaccine is the need of the hour. The drug regulator was quick to inform that the European medicines regulatory network remained fully functional and timelines related to the evaluation and approval of COVID-19 medicines and vaccines are not being affected.