Centocor: Security Breach Over Stolen Computers

According to a Jan. 3 letter the Johnson & Johnson unit wrote to the New Hampshire attorney general, an undetermined number of computers have gone missing and may be stolen from its Horsham, Pa., headquarters. And one or two contained sensitive personal info belonging to an unspecified number of speakers and consultants who were retained for a ‘National Faculty and Rounds on the Road’ program. (Here’s the letter).

Centocor says it was notified of the problem by its IT vendor in early October, 2007, and was provided additional details on Nov. 29th, 2007, although the drugmaker didn’t notify the New Hampshire AG until this month. The letter was written by Michael Schoeck, director of health care compliance at Johnson & Johnson, who also identifies himself as Centocor’s privacy director.

“Based on the subsequent investigation conducted by Centocor, one of the missing computers likely contained a file which included the name, city/state and social security/tax identification numbers of a number of people engaged by Centocor, including one resident of New Hampshire. We have made arrangements to provide 1 year of credit-monitoring services to each of the affected individuals at no cost to them,” the letter states.

For the moment, the Centocor episode pales in comparison to what Pfizer experienced last year. More than 50,000 people - predominantly Pfizer employees and spouses - had personal info compromised thanks to several unrelated breaches and security lapses involving data stored on computers.

UPDATE: A Centocor spokesman writes us to say that 114 people are believed to be affected and adds: “Centocor and the local authorities continue to investigate this incident to gain a full understanding of the types of information that may have been on the lost computers. At this time, we do not have reason to believe that the information has been misused or that any other customer information is involved in the incident.”

Hat tip to the Breach Blog