Back
Latest Data Breach: The European Commission and AstraZeneca

By Alisa Fetic


Most citizens, consumers, and businesses are familiar with redactions - the black boxes, gray boxes, and other shapes that mask out sensitive information in documents. Redacting is a common practice in the world of legal matters, where organizations need to share information with each other while still preserving its confidentiality. But despite its importance, redacting isn't always conducted with the utmost attention to detail. There are several high-profile examples of redactions gone wrong, where confidential information was inadvertently disclosed due to human error or a lack of appropriate security measures.

 

In this article, we'll detail one of the most recent - involving The European Commission and AstraZeneca.

 

The onset of COVID-19 created a unique demand for all sorts of products. In March 2020, it was largely toilet paper, non-perishable food items, and masks. About a year later, however, with the finalization of clinical trials, a new item entered the spotlight: vaccines. As the world raced to inoculate as many people as possible before new variants of the virus spread, governments and organizations scrambled to secure vaccine doses.

 

The European Commission, the executive body of the European Union (EU), was one such entity. To ensure the equitable distribution of vaccines throughout its member states, it entered into negotiations with AstraZeneca, a British-Swedish pharmaceutical company, for the supply of 400 million doses.

 

The agreement was signed in August 2020, but it wasn't until January 2021 that the Commission published a redacted version of the contract. This was done in an effort to put pressure on the drug maker after months of delayed deliveries and what the bloc considered a 'failure to commitment'.

 

Unfortunately, this apparent effort to hold AstraZeneca accountable backfired spectacularly. The redactions in the public document weren't as thorough as they should have been, and a significant amount of confidential information was inadvertently revealed.

 

This includes the total value of the contract - €870m - as well as a breakdown of the "costs of goods". This information should have been obscured, as it could potentially be exploited by other pharmaceutical companies in their own negotiations with the Commission.

 

The actual reason for the redaction error is speculated to be a technical glitch, where whatever software was used to obscure the text failed to do its job properly. Some important information, including the number of doses and delivery deadlines of the contract, remained hidden.

 

The European Commission has since publicly acknowledged the breach, and released updated documents with the correct redactions. In the end, those that suffered the most were EU citizens, who were left waiting weeks or months longer for their vaccines.

 

This incident between the European Commission and AstraZeneca is yet another reminder of how important it is to pay attention to redactions. Organizations should always ensure that their security measures are up-to-date and appropriate - especially when sensitive documents are concerned - and that redactions are performed properly. Doing so can help to prevent confidential information from being disclosed accidentally – something the European Commission has learned the hard way.

 

After all, an ounce of prevention is worth a pound of cure.

You Might Also Be Interested In