I am writing to notify you of a confirmed cyber attack that resulted in the permanent destruction of a privately maintained archive of VAERS public data releases, and to request your assistance in identifying what data recovery options may exist through the CDC.

My name is Jason Page. Through the VAERS Data Group, I have maintained a longitudinal archive of all VAERS public data drops — weekly and monthly — since approximately 2007, downloaded directly from the CDC VAERS public data portal. This archive has been used for ongoing independent analysis of adverse event reporting trends. I am reporting this incident both because your office may be able to assist with data recovery and because, as the administrator of the underlying dataset, you may have an interest in knowing that a public health surveillance archive of this nature has been deliberately targeted for destruction.

1. Summary of the Attack

A forensic examination completed May 8, 2026 confirmed that 65 of 342 archived VAERS ZIP files were deliberately destroyed by an unauthorized actor who gained remote access to my server. The destruction was permanent — file contents were overwritten using a technique that eliminates all recoverable data. The attack was not ransomware; it was a targeted wiper operation with no financial motive. The sole outcome was the elimination of specific VAERS archive records.

The destroyed files cover the following periods:

The 277 intact files in the archive cover 2007 through January 27, 2023, and December 26, 2025 onwards. The gap — February 2023 through November 2025 — corresponds almost precisely to the period of most active COVID-19 vaccine adverse event reporting and the weekly-to-monthly transition in your release schedule.

2. Why This Archive Mattered and What Was Lost

While individual VAERS data releases remain available on the CDC portal in their current cumulative form, the longitudinal archive served a distinct analytical purpose: preserving a timestamped snapshot of what was reported as of each specific weekly or monthly release date.

This allows researchers to answer questions that the current cumulative release cannot, such as:

• How did adverse event counts for a specific vaccine lot or symptom category change between releases?
• Were any reports present in an earlier release that do not appear in later releases?
• What was the reporting backlog at different points in the rollout?

Once a weekly drop is superseded by the next release, those specific snapshots are not publicly maintained. The weekly incremental archives from 2021–2023 — which document the most intensive adverse event reporting period in VAERS history — are therefore unique records. Their destruction eliminates the ability to perform this category of longitudinal comparison from my archive.

3. Attack Timeline — Key Dates

Forensic analysis of filesystem modification timestamps on the destroyed files revealed the following:

• February 2023: The first three weekly VAERS drops of 2023 (February 3, 10, and 17) arrived already destroyed at download time, indicating the download pipeline or source was compromised by early February 2023.

• April 27, 2025: A primary mass destruction event in which approximately 40 files were overwritten sequentially over 12 hours by an actor with live access to the server.

• May 3–12, 2025: A follow-up operation targeting three older archived files missed in the April event, confirming active attacker presence through at least May 12, 2025.

• April 2024 – December 2025: Evidence of a persistently compromised download process — every monthly VAERS drop downloaded during this period arrived in a destroyed state.

The intrusion vector was an unauthorized TeamViewer remote-access daemon found running on the server, which has since been removed.

4. Notification Regarding the Nature of the Attack

I want to bring the following to your attention, as you may wish to share it with CDC information security:

The destruction targeted VAERS data with a degree of specificity that suggests knowledge of the archive's contents. The actor left intact all files dated January 27, 2023 and earlier — archives predating the major COVID-19 vaccine adverse event reporting period — while systematically destroying archives covering February 2023 onward. The attack also persisted across multiple waves spanning more than two years, indicating sustained interest in eliminating this specific dataset rather than opportunistic data destruction.

I am not in a position to characterize the actor's identity or affiliation. However, given that VAERS is a federal public health surveillance system and the data destroyed is derived from CDC public releases, you may wish to coordinate with CISA, to whom I am filing a parallel incident report, and with HHS information security.

5. Request for Assistance

I respectfully request the following from the VAERS Program Office:

5.1 — Historical data access

I understand that CDC currently provides the full cumulative VAERS dataset as a single download updated monthly. I am requesting information on whether CDC retains, or can provide access to, historical point-in-time snapshots of VAERS data — specifically the weekly releases from January 2023 through September 2023 and the monthly releases from October 2023 through November 2025. Even partial archival access would allow reconstruction of the destroyed records.

Specifically, I would welcome any information about:

• Whether historical weekly export files are retained on CDC systems after being superseded
• Whether the CDC VAERS Wonder database retains versioned or dated query results that could approximate the weekly snapshot contents
• Whether any CDC data archive program (such as through the National Archives or data.gov) retains historical VAERS exports

5.2 — Confirmation of public release integrity

Given that the download pipeline was compromised starting approximately February 2023, I would appreciate any verification that the files I was downloading during that period were served correctly from your public portal and were not altered at the source or in transit. Specifically:

• Are SHA-256 or MD5 checksums available for historical VAERS public data releases?
• Does CDC maintain any integrity verification mechanism for downloaded VAERS data?
• Was there any known interruption or anomaly in the VAERS public data portal between February 2023 and December 2025?

5.3 — Notification acknowledgment

I ask that the VAERS Program Office acknowledge receipt of this notification and forward it as appropriate to HHS/CDC cybersecurity personnel and any relevant data stewardship contacts.

6. Offer of Cooperation

I have retained the 65 destroyed archive files in their corrupted state and have prepared a full forensic report documenting the attack waves, timestamps, binary patterns, and file-by-file evidence. I am willing to share this report, the binary file samples, and any other technical artifacts with CDC information security, CISA, or other federal authorities as requested.

I would also welcome a conversation with your technical or data team regarding any mechanisms CDC could implement to allow independent researchers to verify the integrity of downloaded VAERS public data files — for example, publishing file checksums alongside each release.

Thank you for your attention to this matter. I recognize that this notification sits at the intersection of a cybersecurity incident and a public health data integrity concern. I believe both dimensions merit the attention of your office and the appropriate federal agencies.

I can be reached at pagetelegram@proton.me and am available to discuss this matter at your convenience.

Enclosures available upon request:

• VAERS Archive Corruption — Forensic Report (VAERSCorruptionForensic_Report.md)
• Full file manifest — 342 files, status, modification timestamps, binary signatures
• Binary samples from destroyed files

Respectfully submitted,