Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients, who asked questions online about smoking cessation drug, Chantix, was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, that has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Read More
Explainer: How to avoid phone and email scams
Phishing scam 'webcam' warning as UAE residents find themselves targets
Passwords no longer enough to protect users from cybercrime, former hackers say
Chat conversations between human and chatbots that give an automated conversation response were some of the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the worlds most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%20%3C%2Fstrong%3ESmartCrowd%0D%3Cbr%3E%3Cstrong%3EStarted%3A%20%3C%2Fstrong%3E2018%0D%3Cbr%3E%3Cstrong%3EFounder%3A%20%3C%2Fstrong%3ESiddiq%20Farid%20and%20Musfique%20Ahmed%0D%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3EDubai%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EFinTech%20%2F%20PropTech%0D%3Cbr%3E%3Cstrong%3EInitial%20investment%3A%20%3C%2Fstrong%3E%24650%2C000%0D%3Cbr%3E%3Cstrong%3ECurrent%20number%20of%20staff%3A%3C%2Fstrong%3E%2035%0D%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%20%3C%2Fstrong%3ESeries%20A%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EVarious%20institutional%20investors%20and%20notable%20angel%20investors%20(500%20MENA%2C%20Shurooq%2C%20Mada%2C%20Seedstar%2C%20Tricap)%3C%2Fp%3E%0A
The specs
Engine: 3.0-litre six-cylinder turbo
Power: 398hp from 5,250rpm
Torque: 580Nm at 1,900-4,800rpm
Transmission: Eight-speed auto
Fuel economy, combined: 6.5L/100km
On sale: December
Price: From Dh330,000 (estimate)
COMPANY%20PROFILE%20
%3Cp%3E%3Cstrong%3ECompany%20name%3A%20%3C%2Fstrong%3EAlmouneer%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202017%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Dr%20Noha%20Khater%20and%20Rania%20Kadry%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3EEgypt%3Cbr%3E%3Cstrong%3ENumber%20of%20staff%3A%20%3C%2Fstrong%3E120%3Cbr%3E%3Cstrong%3EInvestment%3A%20%3C%2Fstrong%3EBootstrapped%2C%20with%20support%20from%20Insead%20and%20Egyptian%20government%2C%20seed%20round%20of%20%3Cbr%3E%243.6%20million%20led%20by%20Global%20Ventures%3Cbr%3E%3C%2Fp%3E%0A
Timeline
2012-2015
The company offers payments/bribes to win key contracts in the Middle East
May 2017
The UK SFO officially opens investigation into Petrofac’s use of agents, corruption, and potential bribery to secure contracts
September 2021
Petrofac pleads guilty to seven counts of failing to prevent bribery under the UK Bribery Act
October 2021
Court fines Petrofac £77 million for bribery. Former executive receives a two-year suspended sentence
December 2024
Petrofac enters into comprehensive restructuring to strengthen the financial position of the group
May 2025
The High Court of England and Wales approves the company’s restructuring plan
July 2025
The Court of Appeal issues a judgment challenging parts of the restructuring plan
August 2025
Petrofac issues a business update to execute the restructuring and confirms it will appeal the Court of Appeal decision
October 2025
Petrofac loses a major TenneT offshore wind contract worth €13 billion. Holding company files for administration in the UK. Petrofac delisted from the London Stock Exchange
November 2025
180 Petrofac employees laid off in the UAE
Jetour T1 specs
Engine: 2-litre turbocharged
Power: 254hp
Torque: 390Nm
Price: From Dh126,000
Available: Now
Who's who in Yemen conflict
Houthis: Iran-backed rebels who occupy Sanaa and run unrecognised government
Yemeni government: Exiled government in Aden led by eight-member Presidential Leadership Council
Southern Transitional Council: Faction in Yemeni government that seeks autonomy for the south
Habrish 'rebels': Tribal-backed forces feuding with STC over control of oil in government territory
Avatar: Fire and Ash
Director: James Cameron
Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana
Rating: 4.5/5
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
The biog
Date of birth: 27 May, 1995
Place of birth: Dubai, UAE
Status: Single
School: Al Ittihad private school in Al Mamzar
University: University of Sharjah
Degree: Renewable and Sustainable Energy
Hobby: I enjoy travelling a lot, not just for fun, but I like to cross things off my bucket list and the map and do something there like a 'green project'.
Common%20symptoms%20of%20MS
%3Cul%3E%0A%3Cli%3EFatigue%3C%2Fli%3E%0A%3Cli%3Enumbness%20and%20tingling%3C%2Fli%3E%0A%3Cli%3ELoss%20of%20balance%20and%20dizziness%3C%2Fli%3E%0A%3Cli%3EStiffness%20or%20spasms%3C%2Fli%3E%0A%3Cli%3ETremor%3C%2Fli%3E%0A%3Cli%3EPain%3C%2Fli%3E%0A%3Cli%3EBladder%20problems%3C%2Fli%3E%0A%3Cli%3EBowel%20trouble%3C%2Fli%3E%0A%3Cli%3EVision%20problems%3C%2Fli%3E%0A%3Cli%3EProblems%20with%20memory%20and%20thinking%3C%2Fli%3E%0A%3C%2Ful%3E%0A
'Saand Ki Aankh'
Produced by: Reliance Entertainment with Chalk and Cheese Films
Director: Tushar Hiranandani
Cast: Taapsee Pannu, Bhumi Pednekar, Prakash Jha, Vineet Singh
Rating: 3.5/5 stars
Desert Warrior
Starring: Anthony Mackie, Aiysha Hart, Ben Kingsley
Director: Rupert Wyatt
Rating: 3/5
Labour dispute
The insured employee may still file an ILOE claim even if a labour dispute is ongoing post termination, but the insurer may suspend or reject payment, until the courts resolve the dispute, especially if the reason for termination is contested. The outcome of the labour court proceedings can directly affect eligibility.
- Abdullah Ishnaneh, Partner, BSA Law
THE%20JERSEYS
%3Cp%3E%3Cstrong%3ERed%20Jersey%3C%2Fstrong%3E%0D%3Cbr%3EGeneral%20Classification%2C%20sponsored%20by%20Fatima%20bint%20Mubarak%20Ladies%20Academy%3A%20Worn%20daily%2C%20starting%20from%20Stage%202%2C%20by%20the%20leader%20of%20the%20General%20Classification.%0D%3Cbr%3E%3Cstrong%3EGreen%20Jersey%3C%2Fstrong%3E%0D%3Cbr%3EPoints%20Classification%2C%20sponsored%20by%20Bike%20Abu%20Dhabi%3A%20Worn%20daily%2C%20starting%20from%20Stage%202%2C%20by%20the%20fastest%20sprinter.%0D%3Cbr%3E%3Cstrong%3EWhite%20Jersey%3C%2Fstrong%3E%0D%3Cbr%3EYoung%20Rider%20Classification%2C%20sponsored%20by%20Abu%20Dhabi%20360%3A%20Worn%20daily%2C%20starting%20from%20Stage%202%2C%20by%20the%20best%20young%20rider%20(U25).%0D%3Cbr%3E%3Cstrong%3EBlack%20Jersey%3C%2Fstrong%3E%0D%3Cbr%3EIntermediate%20Sprint%20Classification%2C%20sponsored%20by%20Experience%20Abu%20Dhabi%3A%20Worn%20daily%2C%20starting%20from%20Stage%202%2C%20by%20the%20rider%20who%20has%20gained%20most%20Intermediate%20sprint%20points.%3C%2Fp%3E%0A
The%20Woman%20King%20
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Gina%20Prince-Bythewood%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%3C%2Fstrong%3E%20Viola%20Davis%2C%20Thuso%20Mbedu%2C%20Sheila%20Atim%2C%20Lashana%20Lynch%2C%20John%20Boyega%C2%A0%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%203%2F5%3C%2Fp%3E%0A
F1 The Movie
Starring: Brad Pitt, Damson Idris, Kerry Condon, Javier Bardem
Director: Joseph Kosinski
Rating: 4/5
More from Neighbourhood Watch:
The biog
Name: Dhabia Khalifa AlQubaisi
Age: 23
How she spends spare time: Playing with cats at the clinic and feeding them
Inspiration: My father. He’s a hard working man who has been through a lot to provide us with everything we need
Favourite book: Attitude, emotions and the psychology of cats by Dr Nicholes Dodman
Favourit film: 101 Dalmatians - it remind me of my childhood and began my love of dogs
Word of advice: By being patient, good things will come and by staying positive you’ll have the will to continue to love what you're doing
The%20US%20Congress%20explained
%3Cp%3E-%20Congress%20is%20one%20of%20three%20branches%20of%20the%20US%20government%2C%20and%20the%20one%20that%20creates%20the%20nation's%20federal%20laws%3C%2Fp%3E%0A%3Cp%3E-%20Congress%20is%20divided%20into%20two%20chambers%3A%20The%20House%20of%20Representatives%20and%20the%20Senate%3C%2Fp%3E%0A%3Cp%3E-%C2%A0The%20House%20is%20made%20up%20of%20435%20members%20based%20on%20a%20state's%20population.%20House%20members%20are%20up%20for%20election%20every%20two%20years%3C%2Fp%3E%0A%3Cp%3E-%20A%20bill%20must%20be%20approved%20by%20both%20the%20House%20and%20Senate%20before%20it%20goes%20to%20the%20president's%20desk%20for%20signature%3C%2Fp%3E%0A%3Cp%3E-%20A%20political%20party%20needs%20218%20seats%20to%20be%20in%20control%20of%20the%20House%20of%20Representatives%3C%2Fp%3E%0A%3Cp%3E-%20The%20Senate%20is%20comprised%20of%20100%20members%2C%20with%20each%20state%20receiving%20two%20senators.%20Senate%20members%20serve%20six-year%20terms%3C%2Fp%3E%0A%3Cp%3E-%20A%20political%20party%20needs%2051%20seats%20to%20control%20the%20Senate.%20In%20the%20case%20of%20a%2050-50%20tie%2C%20the%20party%20of%20the%20president%20controls%20the%20Senate%3C%2Fp%3E%0A
Benefits of first-time home buyers' scheme
- Priority access to new homes from participating developers
- Discounts on sales price of off-plan units
- Flexible payment plans from developers
- Mortgages with better interest rates, faster approval times and reduced fees
- DLD registration fee can be paid through banks or credit cards at zero interest rates
German intelligence warnings
- 2002: "Hezbollah supporters feared becoming a target of security services because of the effects of [9/11] ... discussions on Hezbollah policy moved from mosques into smaller circles in private homes." Supporters in Germany: 800
- 2013: "Financial and logistical support from Germany for Hezbollah in Lebanon supports the armed struggle against Israel ... Hezbollah supporters in Germany hold back from actions that would gain publicity." Supporters in Germany: 950
- 2023: "It must be reckoned with that Hezbollah will continue to plan terrorist actions outside the Middle East against Israel or Israeli interests." Supporters in Germany: 1,250
Source: Federal Office for the Protection of the Constitution
