The European Medicines Agency (EMA) says it has been hit by a cyber-attack and documents relating to a Covid-19 vaccine have been accessed.
BioNTech, which makes one of the vaccines in partnership with Pfizer, said its regulatory submission was accessed during the attack.
The EMA is working on approval of two Covid-19 vaccines, which it expects to conclude within weeks.
The cyber-attack was not expected to impact that timeline, BioNTech said.
The EMA did not provide any details on the nature of the cyber-attack in a brief statement on its website, beyond saying a full investigation had been launched.
A spokesperson for the agency said it was still “functional”.
But BioNTech, in a statement published on its website, said it had been told its documents had been accessed.
“Today, we were informed… that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed,” it said.
“EMA has assured us that the cyber-attack will have no impact on the timeline for its review,” it added.
It said it had made the details of the hack public “given the critical public health considerations and the importance of transparency”.
And it also said it was “unaware” of any personal data of participants in its medical studies being compromised.
The EMA authorises the use of medicines across the European Union.
It is trying to decide if the Pfizer/BioNTech jab – which has just begun being rolled out in the UK – and another made by Moderna are safe for use in EU countries.
It is not clear if the Moderna documents have also been accessed.
The cyber-attack is the latest in a string of attacks and warnings about hacking threats against vaccine-makers and public health bodies.
The use of cyber-attacks against bodies involved in the vaccine rollout has been a feature of recent months.
Security services warned in the summer that Russian intelligence had been targeting organisations attempting to develop a successful vaccine.
In October, a pharmaceutical company based in India was the victim of a significant cyber-attack.
And in recent days, IBM said the cold storage suppy chain used to transport viable vaccines had come under cyber-attack – probably by a nation state.
The cyber-attack comes the day before the agency is due to update the European Parliament on the progress of the vaccine assessments.
Euro-MPs on the Public Health Committee are due to quiz the agency’s executive director “on how close the most advanced vaccines are to receiving authorisation”.
The UK’s National Cyber Security Centre, meanwhile, said there was no indication the cyber-attack would affect the rollout of the vaccine in the UK.
“We are working with international partners to understand the impact of this incident affecting the EU’s medicine regulator, but there is currently no evidence to suggest that the UK’s medicine regulator has been affected,” it said.