Information relating to the one of the most promising coronavirus vaccines has been “unlawfully accessed” following a hack on the European regulatory body that’s in the final stages of approving it, the firms jointly developing the vaccine said on Wednesday.
The European Medicines Agency based in Amsterdam first disclosed the breach. The statement said only that the EMA had been subject to a cyberattack and that it had begun a joint investigation along with law enforcement. The agency didn’t say when the hack happened or whether the attackers sought vaccine information, tried to infect the network with ransomware, or wanted to pursue some other purpose. An EMA spokesperson said in an email that “the Agency is fully functional and work continues.”
Around the same time on Wednesday, pharmaceutical company Pfizer and biotech company BioNTech, issued a joint release that said, “Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
The companies said that neither of their systems were involved in the breach and that neither company is aware of any compromised data that identifies study participants.
Studies of the BNT162b2 vaccine pharmaceutical that Pfizer and BioNTech are developing recently found it is 95 percent effective at preventing Covid-19 and is consistently effective across age, gender, race, and ethnicity demographics. The vaccine has been approved in the UK and Canada, and it is pending authorization elsewhere, including the European Union and the United States. The EMA is responsible for assessing and approving medicines, medical devices, and vaccines for the EU.
The past several months have seen a host of reports of hackers targeting research data related to the coronavirus and vaccines under development to prevent it. In July, the UK’s National Cyber Security Center said that “Cozy Bear,” a hacking group believed to be led by the Russian Foreign Intelligence Service, had used a variety of tools and techniques to target pharmaceutical companies and academic institutions working on potential vaccines.
The same month, federal prosecutors indicted two Chinese nationals on hacking charges and said the men had been trying to break into networks at a Maryland biotech firm and a Massachusetts biotech firm. Both firms were publicly known at the time of the hack to be working on Covid-19 vaccines.
Last month, Microsoft said that hackers from Russia and North Korea had targeted at least seven prominent companies involved in Covid-19 research in the US, Canada, France, India, and South Korea involved in Covid-19 research.
And last week, IBM said that people who were likely working on behalf of a nation-state had carried out a spear-phishing campaign against companies involved in the Covid-19 supply chain. Hackers have also tried to attack pharmaceutical companies involved in vaccine research, including Johnson & Johnson, Novavax, AstraZeneca, and South Korean laboratories, according to The Wall Street Journal. Other countries accused of trying to hack Covid-19 researchers, according to Reuters, include Vietnam and Iran.
This story originally appeared on Ars Technica.