Cybersecurity firms in the UAE have reacted to a major leak of patient information held by pharmaceutical giant Pfizer. Getty

Hackers target Pfizer exposing sensitive patient information


Nick Webster

Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.

Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.

Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.

It is not known how many patients were in the UAE.


Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.

“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.

“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.

“Pfizer did not know the data was accessible nor [that] it was obtained.

“It is feasible therefore to assume the data has been accessed in the past as well.”

Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.

Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.

The breach was reported to Pfizer and regulators by online security researchers at tech company vpnMentor.

Pfizer headquarters in New York. Carlo Allegri / Reuters

They said the information remained exposed online for months before action was taken to remove it in September.

It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.

"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.

"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."

Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.

In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.

A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.

“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.

“It's irrelevant whether an internal or external error led to this data breach.

“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.

“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”


Chat conversations between humans and chatbots, which give automated responses, were among the information exposed in the leak.

While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.

Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.

“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.

“We performed analysis on Office 365 – the world’s most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.

“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
