BERLIN – German pharmaceutical company BioNTech and its U.S. partner Pfizer say data on their coronavirus vaccine were “unlawfully accessed” during a cyberattack on the servers of the European Medicines Agency.
The Amsterdam-based agency, which is considering requests for conditional marketing authorization for several coronavirus vaccines to be used in the 27-nation European Union, said earlier Wednesday that it had been the target of a cyberattack.
The EMA declined to provide more details of the attack while the investigation was continuing, but the two companies later released a statement saying that “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
They added that no BioNTech or Pfizer systems had been breached in connection with the incident and that they weren't aware that any study participants had been identified as a result of the data being accessed.
“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law,” the companies said. “EMA has assured us that the cyber attack will have no impact on the timeline for its review.”
The vaccine made by BioNTech and Pfizer became the first thoroughly vetted shot to be granted emergency authorization in Britain last week, and in Canada on Wednesday. The U.S. FDA is expected to consider a submission for approval Thursday.
It would not be the first time an entity linked with coronavirus vaccines has been targeted by cybercriminals.
Last month, Microsoft said it had detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers.
Microsoft said most of the targets — located in Canada, France, India, South Korea and the United States — were “directly involved in researching vaccines and treatments for COVID-19.” It did not name the targets but said most had vaccine candidates in various stages of clinical trials.
Earlier this month Marene Allison, Johnson & Johnson's chief information security officer, said that while she was confident that major pharmaceutical companies like hers have strong defenses in place against hackers, some third parties involved in the process may not.