• The European Medicines Agency notified the company of the attack
  • The breach targeted information related to a vaccine submission
  • IBM last week identified a phishing campaign targeting the vaccine supply chain

German biotech company BioNTech said it was informed by European regulatory authorities that data related to its regulatory submission for its COVID-19 vaccine was accessed in a cybersecurity breach.

BioNTech and Pfizer are among the handful of companies seeking emergency-use authorization for its COVID-19 vaccine, BNT162b2. The British and Canadian governments were among the first to approve the vaccine, and the United States may do so as early as this week. European regulators said they’d make a decision before the end of the year.

BioNTech in a statement Wednesday said the European Medicines Agency revealed it was the target of a cyberattack, adding that some documents related to its submission for vaccine approval were accessed.

“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” it added.

Pfizer did not issue a statement regarding any data breach. Moderna, which is seeking approval for a separate vaccine, also said nothing about a cyberattack.

The EMA issued a short statement Wednesday on the cyberattack, saying it was conducting a full investigation in cooperation with law enforcement and other relevant agencies.

“EMA cannot provide additional details whilst the investigation is ongoing,” it stated. “Further information will be made available in due course.”

Last week, IBM’s threat intelligence task force set out to monitor threats to the supply chain for COVID-19 vaccines said it uncovered a global email campaign that targeted the cold-storage necessary to ship the vaccine.

The Pfizer/BioNTech vaccine requires extreme cold for storage, while Moderna’s requirements are closer to a kitchen freezer.

IBM explained that a person claiming to be a representative from China’s Haier Biomedical, a leader in the cold supply chain, sent fraudulent emails seeking private information from organizations believed to be involved at various stages of the transportation chain for COVID-19 vaccines.

“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” it explained.

CNBC reported Wednesday that it’s believed that state-sponsored hackers from Russia may be behind some of the breaches, though the Kremlin denied the allegations. Russia is developing its own vaccine for COVID-19, which the government said Thursday had a 96.1% efficacy rate, a slight improvement from previous claims.

A member of staff poses with the Pfizer-BioNTech Covid-19 vaccine at a vaccination health centre in Cardiff, South Wales' on December 8, 2020
A member of staff poses with the Pfizer-BioNTech COVID-19 vaccine at a vaccination health center in Cardiff, South Wales on Dec. 8, 2020. POOL / JUSTIN TALLIS