Pharmaceuticals giant Pfizer alleges that an employee stole COVID-19 vaccine secrets in advance of a job move to a rival company.
The New York-headquartered firm filed a complaint in a Californian district court earlier this week against “soon-to-be-former employee” Chun Xiao (Sherry) Li, according to Bloomberg Law.
It reportedly alleges that Li uploaded more than 12,000 files, including “scores” of confidential documents to a Google Drive account. They’re said to have included vaccine study analysis and info on the development of new drugs.
It’s claimed that the pharma giant detected the activity after installing software to monitor for suspicious behavior, such as uploading files to the cloud. The firm had reportedly already disabled USB access on employee devices.
Li allegedly uploaded the files over a three-day period in October 2021. Officials at the firm reportedly investigated and found an email containing a job offer from Californian pharma firm Xencor.
When confronted, Li is said to have claimed she was merely organizing her files offline. However, in the space of a few hours between meetings with Pfizer forensics staff, she deleted the files, according to the report.
Li transferred to San Diego from Pfizer’s product development group in China after working there for a decade.
“Pfizer takes the safeguarding of sensitive and confidential information very seriously,” a statement from the firm noted. “Protecting that information is critical to scientific innovation, ultimately enabling us to deliver breakthroughs for patients.”
ImmuniWeb founder Ilia Kolochenko explained that pharmaceutical firms are a significant target for both nation-state and financially motivated threat actors.
“Some intrusion campaigns are extremely sophisticated and may deliberately include false flags, such as insider-related incidents, to serve as a smokescreen aimed to distract cybersecurity teams from a much bigger intrusion,” he added.
“This may also be a case with the disclosed Pfizer incident, but it’s too early to make any conclusions at this point in time.”
Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine