LONDON (Reuters) – US pharmaceutical maker Pfizer and its German partner BioNTech said on Wednesday that documents related to the development of their COVID-19 vaccine had been “illegally accessed” during a cyber attack against a European drug regulator.
The European Medicines Agency (EMA), which evaluates medicines and vaccines in the European Union, said hours earlier it had been targeted by a cyber attack. He did not provide further details.
Pfizer and BioNTech said they did not believe the personal data of the participants in the trial were compromised, and the EMA “assured us that the cyber attack had no effect on the timing of the review.”
It was not immediately clear when and how the attack took place, who was responsible, or what other information was compromised.
The two companies said the EMA had informed them that “the agency had been the subject of a cyber attack and that the documents related to the regulatory submission of Pfizer and BioNTech COVID-19 vaccine candidates had been reviewed”.
Such documents could be extremely valuable to other countries and companies in a hurry to develop vaccines, experts said.
“When it comes to data submitted to this type of regulatory body, we are talking about confidential information about the vaccine and its mechanism of action, efficacy, risks and known potential side effects, as well as any specific aspects such as treatment guidelines.” Marc Rogers, founder of the CTI League, a volunteer group fighting CTI-related violations.
“It also provides detailed information about other parties involved in the delivery and distribution of the vaccine and has the potential to significantly increase the attack surface of the vaccine,” he added additional methods for hacking or stealing preparations or products.
According to the companies, “no BioNTech or Pfizer system has been compromised in connection with this incident, and we are not aware that study participants have been identified through the available data.”
A BioNTech spokesman declined further comments. Pfizer did not respond to any further comments.
The Pfizer-BioNTech vaccine is one of the world’s most important competitors in defeating COVID-19. It is already administered in Britain.
The EMA has announced that it will complete its review by December 29, although its schedule is subject to change.
The EMA statement provided little detail about the attack, saying it would only conduct investigations with the help of law enforcement.
“The EMA cannot provide further details while the investigation is ongoing,” he said in a statement.
U.S. law enforcement and cyber security officials did not respond to requests for comments.
During the COVID-19 epidemic, hacking attempts against health and medical organizations intensified as attackers hunted for information, from state-sponsored spies to cybercriminals.
Reuters has previously reported allegations that hackers linked to North Korea, South Korea, Iran, Vietnam, China and Russia have separately tried to steal information about the virus and possible treatments.
Reuters documented that the espionage campaigns targeted a number of drug and vaccine companies, including Gilead, Johnson & Johnson, Novavax and Moderna. Regulators and international organizations such as the World Health Organization have also been attacked several times.
“Vaccine candidates represent liquid gold for many parties, both in terms of opportunity and pure market value,” said Rogers, also vice president of security company Okta Inc. “chain has significantly increased its value.”
The respiratory virus, which appeared in China in late 2019, infected more than 68 million people worldwide, according to Reuters. More than 1.5 million people died.
Additional accounts by Joseph Menn and Raphael Satter; Edited by Angus MacSwan and David Gregorio
