The European Medicines Agency (EMA) said on Wednesday that it was the victim of a cyber-attack.
In a short two-paragraph statement posted on its website today, the agency discloses the security breach. The EMA declined to provide more details of the attack as the investigation was continuing.
The German pharmaceutical company BioNTech and its U.S. partner Pfizer say data on their coronavirus vaccine were “unlawfully accessed” during a cyberattack on the servers of the European Medicines Agency.
The Amsterdam-based agency, which is considering requests for conditional marketing authorization for several coronavirus vaccines to be used in the 27-nation European Union, said on 9th December that it had been the target of a cyberattack.
The two companies later released a statement saying that “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
“EMA has assured us that the cyber-attack will have no impact on the timeline for its review,” it added.
It further said that they had made the details of the hack public “given the critical public health considerations and the importance of transparency”.
And it also said it was “unaware” of any personal data of its 43,500 test subjects in its medical studies being compromised.
The UK’s National Cyber Security Centre said that it is supporting vaccine research and helping its defence against hackers.
“We are working with international partners to understand the impact of this incident affecting the EU’s medicine regulator, but there is currently no evidence to suggest that the UK’s medicine regulator has been affected,” the agency said.
The European Medicines Agency, the EU regulatory body is in charge of approving COVID-19 vaccines.
It is trying to decide if the Pfizer/BioNTech jab – which has just begun being rolled out in the UK – and another made by Moderna is safe for use in EU countries. It is not clear if the Moderna documents have also been accessed.
It would not be the first time an entity linked with coronavirus vaccines has been targeted by cybercriminals.
Last month, Microsoft said it had detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers.
Microsoft said most of the targets — located in Canada, France, India, South Korea and the United States — were “directly involved in researching vaccines and treatments for COVID-19.” It did not name the targets but said most had vaccine candidates in various stages of clinical trials.