European Medicines Agency confirms data breach

The European Medicines Agency (EMA) has confirmed that data had been breached in a cyber-attack which took place last week.

The EMA, the drugs regulator for the European Union, added that a limited number of third-party documents were unlawfully accessed.

In its statement the EMA said that the full investigation launched by itself, “in close cooperation with law enforcement and other relevant entities, demonstrated that data has been breached”.

“An initial review revealed that a limited number of documents belonging to third parties were unlawfully accessed. The concerned companies are being informed.

“The Agency remains fully functional and its timelines related to the evaluation and approval of COVID-19 vaccines and treatments are not affected.

“EMA will continue to provide information in due course, to the extent possible, given its duty towards the ongoing investigations.”

The EMA had not provided any details on 9 December, when it first disclosed the cyber-attack, but Pfizer Inc and BioNTech SE had said documents related to the development of their COVID-19 vaccine had been “unlawfully accessed”.

The EMA’s initial disclosure came on the same day that FireEye, one of the largest cybersecurity companies in the United States, announced that it had become the latest victim of a targeted cyber hacking.

The company suggested that the breach was most likely by a foreign government, leading to the theft of an array of internal hacking tools typically used to test the cyber defences of its clients.

The cyber-attack on FireEye is especially galling given that it is a company with a number of business contracts across the national security space both in the United States and its allies.

Beyond the tool theft, it also appears that the hackers could also have been interested in a subset of FireEye customers: government agencies.

The FireEye breach was disclosed in a public filing with the US Securities and Exchange Commission citing CEO Kevin Mandia.