Hackers who stole confidential Pfizer/BioNTech vaccine documents from the European Medicines Agency (EMA) went further by publishing altered versions containing false information, which the EMA has debunked.
In December 2020, the EMA disclosed a cyberattack where hackers stole documents on COVID-19 vaccines from labs including Pfizer and Moderna. On January 12, 2021, the EMA reported that certain Pfizer documents had been published on a Russian forum on the dark web, later appearing on a prominent, accessible data sales site.
Further investigation led to an EMA statement on January 15, 2021, confirming the data belonged to Pfizer but noting that some had been modified. The hackers—whose origins remain unknown—appear to have aimed at amplifying vaccine skepticism.
The breach targeted the BNT162b2 vaccine from Pfizer and BioNTech. In November 2020, the companies reported 90% efficacy in preventing SARS-CoV-2 infections based on preliminary phase 3 trial results from an ongoing study. As an mRNA vaccine—a promising but novel technology—it fueled some mistrust.
The EMA assesses and approves medicines for the EU market, rigorously reviewing lab-submitted documents to ensure compliance with standards. Hackers also accessed internal and confidential email exchanges on vaccine evaluations, which were altered and partially published.
Numerous cyberattacks have previously hit vaccine development, transport, and storage, but this was the first to result in public disclosure.
