Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine

By | January 15, 2021
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine
Getty Images

Last month, the makers of one of the most promising coronavirus vaccines reported that hackers stole confidential documents they had submitted to a European Union regulatory body. On Friday, word emerged that the hackers have falsified some of the submissions’ contents and published them on the Internet.

Studies of the BNT162b2 vaccine jointly developed by pharmaceutical companies Pfizer and BioNTech found it’s 95 percent effective at preventing COVID-19 and is consistently effective across age, gender, race, and ethnicity demographics. Despite near-universal consensus among scientists that the vaccine is safe, some critics have worried it isn’t. The hackers appear to be trying to stoke those unsupported worries.

Data unlawfully accessed by the hackers “included internal/confidential email correspondence dating from November, relating to evaluation processes for COVID-19 vaccines,” the European Medicines Agency based in Amsterdam said in a statement. “Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.”

Friday’s statement didn’t say where the documents were posted or how they were falsified. An EMA spokeswoman said in an email that: “We have seen that some of the correspondence has been published not in its integrity and original form and/or with comments or additions by the perpetrators.” She declined to elaborate. Pfizer officials declined to comment. BioNTech representatives couldn’t immediately be reached.

According to sleuthing by Empoli, Italy-based security company Yarix, more than 33 megabytes of data from the EMA hack were posted to a well-known forum on the dark Web site in late December. The dark Web post, titled “Astonishing fraud! Evil Pfffizer! Fake vaccines!” included a link to a forum on a Russian-language website.

“There are no certain elements that allow to confirm that the data recovered is only a part of the Leak or if it actually includes all the data stolen in the breach,” the Yarix post, which was published Monday, read after being run through Google Translate. “On the other hand, the intention behind the leak by cybercriminals is certain: that of causing significant damage to the reputation and credibility of EMA and Pfizer.”

Confidential COVID-19 vaccine data has been a hot commodity for hackers since the start of the pandemic. The EMA’s disclosure is among the first—if not the first—times accessed vaccine documents have been published.