The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Hackers Leak Stolen COVID-19 Vaccine Data Online

by Chris Brook on Thursday January 14, 2021

Contact Us
Free Demo
Chat

The breach has not affected the efficacy or approval of the vaccine in Europe.

Documents related to COVID-19 vaccines - stemming from last year's compromise of the European Medicines Agency (EMA) - have been leaked on the internet.

In an update on Tuesday - the EMA's fourth since news of the cyberattack broke in December - it confirmed that "some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet."

The EMA is the unit of the European Union in charge of overseeing medicine; it also regulates vaccines across the EU.

The EMA was fairly mum about the attack at first, claiming it was the victim of a cyberattack and that it had launched an investigation. It didn't elaborate on what may have been accessed, who may have accessed it and when exactly the attack happened. That day, perhaps in an effort to reiterate that their own systems weren't breached as part of the incident, Pfizer and BioNTech disclosed jointly that some of their documents on the vaccine candidate, BNT162b2 - data that had been stored on an EMA server - were involved in the attack.

It wasn’t known until this week that the data had actually been exfiltrated as part of the cyberattack.

In addition to documents related to COVID-19 medicines and vaccines, EMA confirmed that personal data may have been also been subject to unauthorized access during the breach. While not confirmed, some reports crediting cybersecurity experts claim the leaked data includes email screenshots, EMA peer review data, like comments and several PDF files, Word documents, and PowerPoint presentations, all which could contain personal data.

It's unclear exactly what the attackers are looking to prove by releasing the data online now. The hack didn't affect the EMA's regulatory network, nor did it affect any timelines around the evaluation and approval of the vaccines. According to the EMA, the attack took place after the companies had already submitted their vaccines to the EMA for approval in EU member states.

Vaccine data has been an appealing target for cybercriminals throughout the pandemic.

State sponsored attackers, believed to be working on behalf of Russian intelligence services and the People's Republic of China, have been carrying out spearphishing attacks, along with other high-profile exploits on organizations involved in the research and development of a vaccine all along.

The UK’s National Cyber Security Centre pinned some hacking attempts in July on APT29, also known as Cozy Bear, while the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in May that China-based attackers were eyeing health care, pharmaceutical, and research sectors working on COVID-19 response.

One of the latest COVID-related attacks involved a phishing campaign that targeted the cold chain - companies and organizations working to keep the vaccines refrigerated in transit.

Tags: hacks

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.