Hackers have started leaking documents related to COVID-19 medicine and vaccines that were stolen from the European Medicines Agency (EMA) in early December 2020.
The data breach resulted in “a limited number of documents belonging to third parties” being unlawfully accessed, EMA announced on December 11. An investigation was immediately launched into the incident.
While EMA did not provide information on the affected third-parties, Pfizer and BioNTech at the time published a joint statement to reveal that the incident resulted in hackers accessing “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2.”
At the time, Pfizer and BioNTech also said that no trial participants appeared to have been identified using the accessed data.
One week later, EMA, which contacted law enforcement and contracted a third-party firm to support the investigation into the incident, reiterated that the data breach affected only a limited number of documents.
On Wednesday, the agency revealed that the threat actor behind the data breach has published some of the documents that were stolen during the incident (in which a single IT application containing data related to COVID-19 medicines and vaccines was compromised).
“The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities,” EMA announced.
The regulator also notes that it continues to notify the entities and individuals who might have had documents or personal data accessed during the data breach.
“The Agency and the European medicines regulatory network remain fully functional and timelines related to the evaluation and approval of COVID-19 medicines and vaccines are not affected,” EMA also said.
While both EMA and the affected organizations refrained from providing specific information on the accessed files, BleepingComputer says Microsoft Word documents, PowerPoint presentations, email screenshots, EMA peer review comments, and PDF documents were stolen.
The hackers started leaking data allegedly stolen from EMA at the end of December.
Related: EU Agency Assessing Covid-19 Vaccines Hit by Cyberattack
Related: Vaccine Documents Hacked as West Grapples With Virus Surge

More from Ionut Arghire
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
