Latest Pfizer Security Breach Hits 34,000
2 CommentsBy Ed Silverman // September 4th, 2007 // 7:16 am
They say bad things often happen in threes…. The latest snafu reportedly affects an estimated 34,000 current and former Pfizer employees who, of course, are now at risk for identity theft, according to an Aug. 24 letter to employees obtained by The Detroit News. The breach may have caused employee names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card info, signatures and other personal data to be publicly exposed.
The breach occurred late last year when a Pfizer employee removed copies of confidential info from a Pfizer computer system without the drugmaker’s knowledge or approval, the paper reports. Pfizer didn’t become aware of the breach until July 10.
This is the third time since May that Pfizer has acknowledged a security breach that exposed current and former employee personal info. In the first incident, which was revealed last June, a Pfizer employee’s spouse downloaded file-sharing software to a company laptop. In July, the drugmaker revealed a pair of laptops with sensitive data were stolen from a contractor’s locked car.
“These were three separate and distinct incidences,” Pfizer spokesman Ray Kerins tells the paper. “This is a serious matter we are doing everything we can to protect our colleagues.” He adds that law enforcement is also investigating the latest breach.
The latest breach is likely the most serious, the News writes, because it appears the ex-employee ‘maliciously’ went after the data, according tod Judd Rousseau, chief operations officer of Identify Theft 911, an identity management company. “This appears to be an intentional theft which puts potential victims in the highest-risk category,” he says. “The perpetrator likely knew the value of this information.”
yeah right
They really did a lousy job notifying employees this time around. They posted an article on the corporate intranet that had to be written by a lawyer. Many of the much needed details were omitted (what exact kind of data was stolen, why were employees notified via snail mail using an unmarked envelope that looked like junk mail, why only 2 years of identity protection when by their own admission identity thieves wait for long periods before using stolen information, were overseas employees and employee spouses and children impacted etc etc). Their announcement was roundly criticized by employees - which to their credit they posted on the intranet for all to see. However the response to the employee criticism was another posting on the intranet by their corporate counsel…95% of the content was the same and many questions still not answered. Finally after this second posting got slammed by employees, they have started answering some of the questions though not all. They are thinking like lawyers and worried about admission of liability while their employee confidence in this area has really taken a beating. No apology from CEO Jeff Kindler etc (who after all was the person corporate security reported to, before he became CEO). Hopefully they are doing something to fix this; it wouldn’t hurt if a couple of state AG’s investigate and help them do the right thing here…they have no problems sending sales related junk via fedex but don’t want to spring for overnight mail when notifying employees of stuff like this.
Notebook Privacy Filters, Laptop Privacy Filters
laptop privacy filters…
& trackballs kids writing instruments laptop accessories laptop privacy filters left handed keyboards lighting lumbar. Arms & stands printer stands privacy. Osd cf side usen……