Hackers have started leaking documents related to COVID-19 medicine and vaccines that were stolen from the European Medicines Agency (EMA) in early December 2020.
The data breach resulted in “a limited number of documents belonging to third parties” being unlawfully accessed, EMA announced on December 11. An investigation was immediately launched into the incident.
While EMA did not provide information on the affected third-parties, Pfizer and BioNTech at the time published a joint statement to reveal that the incident resulted in hackers accessing “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2.”
At the time, Pfizer and BioNTech also said that no trial participants appeared to have been identified using the accessed data.
One week later, EMA, which contacted law enforcement and contracted a third-party firm to support the investigation into the incident, reiterated that the data breach affected only a limited number of documents.
On Wednesday, the agency revealed that the threat actor behind the data breach has published some of the documents that were stolen during the incident (in which a single IT application containing data related to COVID-19 medicines and vaccines was compromised).
“The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities,” EMA announced.
The regulator also notes that it continues to notify the entities and individuals who might have had documents or personal data accessed during the data breach.
“The Agency and the European medicines regulatory network remain fully functional and timelines related to the evaluation and approval of COVID-19 medicines and vaccines are not affected,” EMA also said.
While both EMA and the affected organizations refrained from providing specific information on the accessed files, BleepingComputer says Microsoft Word documents, PowerPoint presentations, email screenshots, EMA peer review comments, and PDF documents were stolen.
The hackers started leaking data allegedly stolen from EMA at the end of December.