Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients, who asked questions online about smoking cessation drug, Chantix, was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, that has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Read More
Explainer: How to avoid phone and email scams
Phishing scam 'webcam' warning as UAE residents find themselves targets
Passwords no longer enough to protect users from cybercrime, former hackers say
Chat conversations between human and chatbots that give an automated conversation response were some of the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the worlds most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
Also on December 7 to 9, the third edition of the Gulf Car Festival (www.gulfcarfestival.com) will take over Dubai Festival City Mall, a new venue for the event. Last year's festival brought together about 900 cars worth more than Dh300 million from across the Emirates and wider Gulf region – and that first figure is set to swell by several hundred this time around, with between 1,000 and 1,200 cars expected. The first day is themed around American muscle; the second centres on supercars, exotics, European cars and classics; and the final day will major in JDM (Japanese domestic market) cars, tuned vehicles and trucks. Individuals and car clubs can register their vehicles, although the festival isn’t all static displays, with stunt drifting, a rev battle, car pulls and a burnout competition.
GAC GS8 Specs
Engine: 2.0-litre 4cyl turbo
Power: 248hp at 5,200rpm
Torque: 400Nm at 1,750-4,000rpm
Transmission: 8-speed auto
Fuel consumption: 9.1L/100km
On sale: Now
Price: From Dh149,900
Who's who in Yemen conflict
Houthis: Iran-backed rebels who occupy Sanaa and run unrecognised government
Yemeni government: Exiled government in Aden led by eight-member Presidential Leadership Council
Southern Transitional Council: Faction in Yemeni government that seeks autonomy for the south
Habrish 'rebels': Tribal-backed forces feuding with STC over control of oil in government territory
Silent Hill f
Publisher: Konami
Platforms: PlayStation 5, Xbox Series X/S, PC
Rating: 4.5/5
COMPANY PROFILE
Founders: Alhaan Ahmed, Alyina Ahmed and Maximo Tettamanzi
Total funding: Self funded
Men’s singles
Group A: Son Wan-ho (Kor), Lee Chong Wei (Mas), Ng Long Angus (HK), Chen Long (Chn)
Group B: Kidambi Srikanth (Ind), Shi Yugi (Chn), Chou Tien Chen (Tpe), Viktor Axelsen (Den)
Women’s Singles
Group A: Akane Yamaguchi (Jpn), Pusarla Sindhu (Ind), Sayaka Sato (Jpn), He Bingjiao (Chn)
Group B: Tai Tzu Ying (Tpe), Sung Hi-hyun (Kor), Ratchanok Intanon (Tha), Chen Yufei (Chn)
Timeline
2012-2015
The company offers payments/bribes to win key contracts in the Middle East
May 2017
The UK SFO officially opens investigation into Petrofac’s use of agents, corruption, and potential bribery to secure contracts
September 2021
Petrofac pleads guilty to seven counts of failing to prevent bribery under the UK Bribery Act
October 2021
Court fines Petrofac £77 million for bribery. Former executive receives a two-year suspended sentence
December 2024
Petrofac enters into comprehensive restructuring to strengthen the financial position of the group
May 2025
The High Court of England and Wales approves the company’s restructuring plan
July 2025
The Court of Appeal issues a judgment challenging parts of the restructuring plan
August 2025
Petrofac issues a business update to execute the restructuring and confirms it will appeal the Court of Appeal decision
October 2025
Petrofac loses a major TenneT offshore wind contract worth €13 billion. Holding company files for administration in the UK. Petrofac delisted from the London Stock Exchange
November 2025
180 Petrofac employees laid off in the UAE
UAE FIXTURES
October 18 – 7.30pm, UAE v Oman, Zayed Cricket Stadium, Abu Dhabi
October 19 – 7.30pm, UAE v Ireland, Zayed Cricket Stadium, Abu Dhabi
October 21 – 2.10pm, UAE v Hong Kong, Zayed Cricket Stadium, Abu Dhabi
October 22 – 2.10pm, UAE v Jersey, Zayed Cricket Stadium, Abu Dhabi
October 24 – 10am, UAE v Nigeria, Abu Dhabi Cricket Oval 1
October 27 – 7.30pm, UAE v Canada, Zayed Cricket Stadium, Abu Dhabi
October 29 – 2.10pm, Playoff 1 – A2 v B3; 7.30pm, Playoff 2 – A3 v B2, at Dubai International Stadium.
October 30 – 2.10pm, Playoff 3 – A4 v Loser of Play-off 1; 7.30pm, Playoff 4 – B4 v Loser of Play-off 2 at Dubai International Stadium
November 1 – 2.10pm, Semifinal 1 – B1 v Winner of Play-off 1; 7.30pm, Semifinal 2 – A1 v Winner of Play-off 2 at Dubai International Stadium
November 2 – 2.10pm, Third place Playoff – B1 v Winner of Play-off 1; 7.30pm, Final, at Dubai International Stadium
Why it pays to compare
A comparison of sending Dh20,000 from the UAE using two different routes at the same time - the first direct from a UAE bank to a bank in Germany, and the second from the same UAE bank via an online platform to Germany - found key differences in cost and speed. The transfers were both initiated on January 30.
Route 1: bank transfer
The UAE bank charged Dh152.25 for the Dh20,000 transfer. On top of that, their exchange rate margin added a difference of around Dh415, compared with the mid-market rate.
Total cost: Dh567.25 - around 2.9 per cent of the total amount
Total received: €4,670.30
Route 2: online platform
The UAE bank’s charge for sending Dh20,000 to a UK dirham-denominated account was Dh2.10. The exchange rate margin cost was Dh60, plus a Dh12 fee.
Total cost: Dh74.10, around 0.4 per cent of the transaction
Total received: €4,756
The UAE bank transfer was far quicker – around two to three working days, while the online platform took around four to five days, but was considerably cheaper. In the online platform transfer, the funds were also exposed to currency risk during the period it took for them to arrive.
The specs
Price, base: Dh228,000 / Dh232,000 (est)
Engine: 5.7-litre Hemi V8
Transmission: Eight-speed automatic
Power: 395hp @ 5,600rpm
Torque: 552Nm
Fuel economy, combined: 12.5L / 100km
Key figures in the life of the fort
Sheikh Dhiyab bin Isa (ruled 1761-1793) Built Qasr Al Hosn as a watchtower to guard over the only freshwater well on Abu Dhabi island.
Sheikh Shakhbut bin Dhiyab (ruled 1793-1816) Expanded the tower into a small fort and transferred his ruling place of residence from Liwa Oasis to the fort on the island.
Sheikh Tahnoon bin Shakhbut (ruled 1818-1833) Expanded Qasr Al Hosn further as Abu Dhabi grew from a small village of palm huts to a town of more than 5,000 inhabitants.
Sheikh Khalifa bin Shakhbut (ruled 1833-1845) Repaired and fortified the fort.
Sheikh Saeed bin Tahnoon (ruled 1845-1855) Turned Qasr Al Hosn into a strong two-storied structure.
Sheikh Zayed bin Khalifa (ruled 1855-1909) Expanded Qasr Al Hosn further to reflect the emirate's increasing prominence.
Sheikh Shakhbut bin Sultan (ruled 1928-1966) Renovated and enlarged Qasr Al Hosn, adding a decorative arch and two new villas.
Sheikh Zayed bin Sultan (ruled 1966-2004) Moved the royal residence to Al Manhal palace and kept his diwan at Qasr Al Hosn.
Sources: Jayanti Maitra, www.adach.ae
The specs
Price, base / as tested Dh960,000
Engine 3.9L twin-turbo V8
Transmission Seven-speed dual-clutch automatic
Power 661hp @8,000rpm
Torque 760Nm @ 3,000rpm
Fuel economy, combined 11.4L / 100k
2025 Fifa Club World Cup groups
Group A: Palmeiras, Porto, Al Ahly, Inter Miami.
Group B: Paris Saint-Germain, Atletico Madrid, Botafogo, Seattle.
Group C: Bayern Munich, Auckland City, Boca Juniors, Benfica.
Group D: Flamengo, ES Tunis, Chelsea, (Leon banned).
Group E: River Plate, Urawa, Monterrey, Inter Milan.
Group F: Fluminense, Borussia Dortmund, Ulsan, Mamelodi Sundowns.
Group G: Manchester City, Wydad, Al Ain, Juventus.
Group H: Real Madrid, Al Hilal, Pachuca, Salzburg.
Uefa Champions League play-off
First leg: Wednesday, 11pm (UAE)
Ajax v Dynamo Kiev
Second leg: Tuesday, August 28, 11pm (UAE)
Dynamo Kiev v Ajax
UAE currency: the story behind the money in your pockets
Bookshops: A Reader's History by Jorge Carrión (translated from the Spanish by Peter Bush),
Biblioasis
The White Lotus: Season three
Creator: Mike White
Starring: Walton Goggins, Jason Isaacs, Natasha Rothwell
Rating: 4.5/5
The Vile
Starring: Bdoor Mohammad, Jasem Alkharraz, Iman Tarik, Sarah Taibah
Director: Majid Al Ansari
Rating: 4/5
How to avoid crypto fraud
- Use unique usernames and passwords while enabling multi-factor authentication.
- Use an offline private key, a physical device that requires manual activation, whenever you access your wallet.
- Avoid suspicious social media ads promoting fraudulent schemes.
- Only invest in crypto projects that you fully understand.
- Critically assess whether a project’s promises or returns seem too good to be true.
- Only use reputable platforms that have a track record of strong regulatory compliance.
- Store funds in hardware wallets as opposed to online exchanges.
BLACKBERRY
%3Cp%3EDirector%3A%20Matt%20Johnson%3C%2Fp%3E%0A%3Cp%3EStars%3A%20Jay%20Baruchel%2C%20Glenn%20Howerton%2C%20Matt%20Johnson%3C%2Fp%3E%0A%3Cp%3ERating%3A%204%2F5%3C%2Fp%3E%0A
Thor%3A%20Love%20and%20Thunder%20
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Taika%20Waititi%C2%A0%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%3C%2Fstrong%3E%20Chris%20Hemsworth%2C%20Natalie%20Portman%2C%20Christian%20Bale%2C%20Russell%20Crowe%2C%20Tessa%20Thompson%2C%20Taika%20Waititi%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%204%2F5%3C%2Fp%3E%0A
Four%20scenarios%20for%20Ukraine%20war
%3Cp%3E1.%20Protracted%20but%20less%20intense%20war%20(60%25%20likelihood)%3C%2Fp%3E%0A%3Cp%3E2.%20Negotiated%20end%20to%20the%20conflict%20(30%25)%3C%2Fp%3E%0A%3Cp%3E3.%20Russia%20seizes%20more%20territory%20(20%25)%3C%2Fp%3E%0A%3Cp%3E4.%20Ukraine%20pushes%20Russia%20back%20(10%25)%3C%2Fp%3E%0A%3Cp%3E%3Cem%3EForecast%20by%20Economist%20Intelligence%20Unit%3C%2Fem%3E%3C%2Fp%3E%0A
AL%20BOOM
%3Cp%20style%3D%22text-align%3Ajustify%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3BDirector%3AAssad%20Al%20Waslati%26nbsp%3B%3C%2Fp%3E%0A%3Cp%20style%3D%22text-align%3Ajustify%3B%22%3E%0DStarring%3A%20Omar%20Al%20Mulla%2C%20Badr%20Hakami%20and%20Rehab%20Al%20Attar%0D%3Cbr%3E%0D%3Cbr%3EStreaming%20on%3A%20ADtv%0D%3Cbr%3E%0D%3Cbr%3ERating%3A%203.5%2F5%0D%3Cbr%3E%0D%3Cbr%3E%3C%2Fp%3E%0A
Fixture and table
UAE finals day: Friday, April 13 at Rugby Park, Dubai Sports City
- 3pm, UAE Conference: Dubai Tigers v Sharjah Wanderers
- 6.30pm, UAE Premiership: Dubai Exiles v Abu Dhabi Harlequins
UAE Premiership – final standings
- Dubai Exiles
- Abu Dhabi Harlequins
- Jebel Ali Dragons
- Dubai Hurricanes
- Dubai Sports City Eagles
- Abu Dhabi Saracens
COMPANY PROFILE
Name: Kumulus Water
Started: 2021
Founders: Iheb Triki and Mohamed Ali Abid
Based: Tunisia
Sector: Water technology
Number of staff: 22
Investment raised: $4 million
Crime%20Wave
%3Cp%3EHeavyweight%20boxer%20Fury%20revealed%20on%20Sunday%20his%20cousin%20had%20been%20%E2%80%9Cstabbed%20in%20the%20neck%E2%80%9D%20and%20called%20on%20the%20courts%20to%20address%20the%20wave%20of%20more%20sentencing%20of%20offenders.%26nbsp%3B%3C%2Fp%3E%0A%3Cp%3ERico%20Burton%2C%2031%2C%20was%20found%20with%20stab%20wounds%20at%20around%203am%20on%20Sunday%20in%20Goose%20Green%2C%20Altrincham%20and%20subsequently%20died%20of%20his%20injuries.%3C%2Fp%3E%0A%3Cp%3E%26nbsp%3B%E2%80%9CMy%20cousin%20was%20murdered%20last%20night%2C%20stabbed%20in%20the%20neck%20this%20is%20becoming%20ridiculous%20%E2%80%A6%20idiots%20carry%20knives.%20This%20needs%20to%20stop%2C%E2%80%9D%0D%20Fury%20said.%20%E2%80%9CAsap%2C%20UK%20government%20needs%20to%20bring%20higher%20sentencing%20for%20knife%20crime%2C%20it%E2%80%99s%20a%20pandemic%20%26amp%3B%20you%20don%E2%80%99t%20know%20how%20bad%20it%20is%20until%20%5Bit%E2%80%99s%5D%201%20of%20your%20own!%3C%2Fp%3E%0A
Groom and Two Brides
Director: Elie Semaan
Starring: Abdullah Boushehri, Laila Abdallah, Lulwa Almulla
Rating: 3/5
Dubai Women's Tour teams
Agolico BMC
Andy Schleck Cycles-Immo Losch
Aromitalia Basso Bikes Vaiano
Cogeas Mettler Look
Doltcini-Van Eyck Sport
Hitec Products – Birk Sport
Kazakhstan National Team
Kuwait Cycling Team
Macogep Tornatech Girondins de Bordeaux
Minsk Cycling Club
Pannonia Regional Team (Fehérvár)
Team Auvergne-Rhône-Alpes
Team Ciclotel
UAE Women’s Team
Under 23 Kazakhstan Team
Wheel Divas Cycling Team
