Following the unceremonious cyberattack on the European Medicines Agency, cybercriminals have leaked Covid-19 vaccination data from Pfizer and BioNTech. The EMA is a decentralized agency related to the European Union. They are responsible for both reviewing and approving vaccines before distribution. They are also the sole force in monitoring and evaluating these medicines.
On the first of December, the European Medicines Agency revealed in a statement entitled “Cyberattack on EMA – update 4” that, “The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties [had] been leaked on the internet.” Though the Agency remained fully functional, they launched a criminal investigation to see if any related parties had been affected.
Today, BioNTech released a statement revealing that documents relating to their vaccine development had been unlawfully accessed during the attack on the EMA. In BioNTech’s “Statement Regarding Cyber Attack on European Medicines Agency,” they inform that “that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2 […] had been unlawfully accessed.” The statement assures that BioNTech and Pfizer’s individual systems have not been breached, but rather that information that they had stored on an EMA server was breached.
Both the EMA and BioNTech also assure that the cyber attack will have no impact on the vaccine distribution timeline. However, this attack serves as a stark reminder that cybercriminals will continue to use anything – from pandemics to natural disasters – as a strategic asset. Whether merely taking advantage of the chaos for financial gain, or trying to disrupt the vaccine delivery process, cybercriminals will always try to strike during times of discord, when our guards are down.