What Security? Another Pfizer Data Breach
3 CommentsBy Ed Silverman // April 7th, 2008 // 2:09 pm
This time, the drugmaker reveals that the theft of a laptop computer in February potentially exposed about 800 current and former employees and outside contractors to identity theft.
“At this time, Pfizer is not aware that any person has inappropriately used any exposed information, but the company is continuing to monitor the situation,” Pfizer attorney Bernard Nash wrote in a letter to attorneys general in several states. Nash’s letter, dated March 19, said a laptop was stolen Feb. 7 by a burglar from the home of a contractor who helps arrange planning travel and meetings for Pfizer. The laptop was password protected, Nash added. Here is the letter.
The laptop included names, credit card numbers and, in some instances, credit card expiration dates, addresses and phone numbers, hotel loyalty program numbers and other info. It did not appear that any Social Security numbers or PIN codes were exposed, the drugmaker maintained. No arrests have been made, by the way.
Last year, a series of data breaches at Pfizer exposed the names and personal information of more than 52,000 people. You can read about them here, here, here and here. The drugmaker was widely criticized for failing to report the first breach - which affected some 17,000 current and former employees - on a timely basis. The episode prompted a lawsuit by a former employee.
This story was first reported by The Day.
Lee Howard
Hey, Ed, I love your Website; I check it all the time. I was wondering, though, as a professional courtesy, if you would cite my story, since you picked it up just about word for word. I posted it just before noon today at http://www.theday.com, Web site for The Day in New London, Conn., where Pfizer’s worldwide R&D site is located.
Thanks,
Lee Howard
Business Reporter
The Day
Stormy
Ed: you might want to check PogoWasRight.org daily for breach news or get their breaches feed like I do. They reported the Pfizer story on April 4 and they exposed the two WellPoint breaches that the AP picked up afterwards. They are often days and sometimes weeks ahead of mainstream media in their reporting.
John Franks
An excellent and timely article: It’s amazing that breaches and thefts keep happening. Considering “what goes around, comes around”, I wonder how soon any one of us has personal experience with identity theft? It’s also interesting that reactive measures don’t concentrate on the obvious solution – a proactive treatment and training of people, and reinforcements to their corresponding security awareness. In those regards, there is a defined eCulture called “The Business-Technology Weave” that helps to influence employee behaviour as regards security, use and integrity of data - as well as protection of hard assets (such as laptops). This is particularly relevant: http://www.businessforum.com/DScott_02.html . Some good stuff here too: http://www.david-scott.net . We use his book at work - stupid mistakes like deleted and misplaced data have dropped tremendously. Our CEO even requires our vendors to read it. It’s making a huge difference.