Pfizer Inc said some documents it had submitted to Europe’s top drug regulator regarding its Covid-19 vaccine had been accessed in a cyber-attack on the agency.

The US drugmaker and German partner BioNTech SE said in a statement they had been told by the European Medicines Agency that some documents relating to the regulatory submission for their experimental vaccine that had been stored on the EMA server had been unlawfully accessed.

The companies said that none of their systems had been breached in connection with the incident and that they are "unaware that any study participants have been identified through the data being accessed.”

Pfizer and BioNTech said the EMA informed them that the attack would have no effect on the timing of the vaccine review. The regulator is evaluating clinical trial data on a rolling basis, and a clearance is expected toward the end of the year. The shot also faces a crucial hearing before a US Food and Drug Administration panel on Dec 10 that could lead to swift approval.

Pfizer shares closed on Dec 9 down 1.7% to US$41.85 (RM169.91) in New York.

The EMA issued a brief statement on Dec 9 saying that it had been attacked and had "swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities.” It declined further comment.

Moderna Inc, another US-based pharmaceutical company with a comparable Covid-19 vaccine in development, said it hadn’t received any notification from the European regulator about a data breach.

"We are engaged with them and monitoring the situation,” a company spokesperson said. "Moderna remains highly vigilant to potential cybersecurity threats.”

Both the Pfizer-BioNTech and Moderna two-dose vaccine regimens rely on a new technology known as messenger RNA. Moderna is slightly behind Pfizer in the race to bring forth an authorised Covid-19 vaccine. The biotechnology company has approached the EMA for a conditional marketing authorisation and is also under a rolling review. A clearance could be issued within weeks, according to the EMA.

The US Food and Drug Administration, the American drug regulator, declined to say whether it had been targeted by hackers recently.

"Information security and the protection of industry and public health information are among FDA’s highest priorities,” according to Stephanie Caccomo, media relations director. "The agency is always enhancing its cybersecurity strategies to ensure FDA information security systems provide adequate protection of industry data and public health information.”

Since the pandemic began, hackers aligned with governments including Russia and China have been accused of targeting companies and research institutions working on Covid-19 research. Cybersecurity researchers at International Business Machines Corp, for instance, recently disclosed that unknown hackers, probably tied to a nation-state, were targeting companies and government agencies involved in vaccine distribution.

The hackers pretended they were from one of the world’s largest cold-chain providers, who offer the type of refrigeration necessary for certain vaccines. It wasn’t clear if the victims fell for the scam. But if they did, the credentials they stole could help an attacker "gain insight into internal communications, as well as the process, methods and plans to distribute a Covid-19 vaccine,” IBM Security said in a statement.

In addition, in November, Microsoft Corp said hackers in Russia and North Korea had targeted seven "prominent” companies working on vaccines and treatment research. Microsoft, which didn’t identify the companies, said the majority of the attacks were blocked.

In July, the United Kingdom, United States and Canadian governments accused Russian intelligence of attempting to steal private information from researchers racing to develop a vaccine. And in May, the US government warned that hackers working for the Chinese government were trying to steal research on vaccines and treatments from US health care, pharmaceutical and research organisations. – Bloomberg