This article is more than 1 year old

EU Medicines Agency hacked, BioNTech-Pfizer coronavirus vaccine paperwork stolen, probe launched

Regulatory submissions for COVID-19 jab candidate 'unlawfully accessed'

The EU Medicines Agency today revealed it was hacked, just a week after infosec eggheads said foreign state hackers have been targeting European institutions.

In a notice to the media, the EMA said it had been "the subject of a cyberattack" and had "launched a full investigation, in close co-operation with law enforcement and other relevant entities". A spokeswoman declined to elaborate, pointing El Reg instead to the agency's brief statement: "EMA cannot provide additional details whilst the investigation is ongoing."

BioNTech, the German biotech firm that is developing a COVID-19 coronavirus vaccine with Pfizer, meanwhile, said it was told by EMA that the miscreants had stolen from an agency computer files submitted by BioNTech and Pfizer describing their vaccine as part of the regulatory approval process.

Specifically, we're told, "documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”

"It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed," BioNTech continued. "At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law. EMA has assured us that the cyber attack will have no impact on the timeline for its review."

EMA has assured us that the cyber attack will have no impact on the timeline for its review

ENISA, the EU's cybersecurity agency, did not respond to a request for comment.

Any apparent attack against a medical regulatory institution prompts immediate thoughts of hostile state hackers, who have spent significant parts of 2020 targeting Western researchers working on vaccines for the COVID-19 virus. Despite viable vaccines now entering public use, less advanced countries, it appears, are still trying to steal valuable information in the hope of regaining parity with Western medical and production advances.

The EMA oversees and controls the work of EU member states' own medical regulatory agencies and plays a key role in the approval (or rejection) of potential coronavirus vaccines intended for use across the bloc's member states.

Generic illustration of the coronavirus

FYI Russia is totally hacking the West's labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies


Last week IBM's infosec research unit announced that malicious people from an unidentified nation state had been phishing "an EU governmental agency" that it also declined to name. At the time it was said that the phishers had posed as executives from Chinese refrigeration firm Haier's biomedical sciences division, whose products are likely to play a key part in distribution and storage of COVID-19 vaccines.

In May this year the UK, US and Canada jointly warned the world that Russia was actively hacking research institutions hunting for a viable vaccine. That came after a warning earlier in the year which didn't name the Russians – and, more importantly, had failed to scare them off.

While it's all too easy to think of an online axis of evil – Russia, China, North Korea, and occasionally Iran – as being behind all state-backed hacking, doing so is reductive. Earlier this year Vietnam was spotted trying to sneakily access the Chinese Ministry of Emergency Management and local government in Wuhan, the ground zero of the COVID-19 virus. ®

More about

More about

More about


Send us news

Other stories you might like