Bristol-Myers Security Breach Hits Untold Thousands
15 CommentsBy Ed Silverman // July 16th, 2008 // 11:09 am
The drugmaker sent letters over the past week saying a data tape containing reams of personal information was stolen several weeks ago, and that an untold number of current and former employees - and their dependents - could be affected, according to sources.
Such episodes are, unfortunately, increasingly common in this largely digitized world. Pfizer, for instance, experienced several instances over the past year in which employee info was compromised due to security breaches. Here’s some background.
Bristol-Myers is offering current and former employees credit monitoring for one year, but for the moment, has declined to comment on the breach. UPDATE: The letter, which you can see here, was sent by Jim Beslity of Bristol-Myers’ global security office.
And today, the drugmaker is issuing this statement: “Bristol-Myers Squibb regrets that this incident occurred and is committed to providing appropriate assistance for affected individuals who had their personal information on the stolen data tape. We are committed to protecting the privacy and security of employee and dependent information. Maintaining the trust and confidence of our employees is paramount to Bristol-Myers Squibb.”
Anonymous
This just happened at Gilead as well. I’m a former employee who received notice this week that a computer was stolen with confidential info and it icnluded current and former employees. We have been offered the credit monitoring as well.
I wonder what happens if someone’s identity is stolen?
Doris Shapiro
As a former employee of BMS I would appreciate follow-up from this site just in case BMS
chooses not to inform me of any credit monitoring.
asd
Hi,
The writing is on the wall. Gifts from Big Pharma and its device making counterparts may soon be unwelcome at all of the nation’s medical colleges.
=================================
johni
Addiction Recovery Michigan
Addiction Recovery Michigan
Premal Lavsi
As a former employee I have not received this letter as of today.
Nick Semenuk
Sloppy work it seems to me. This is for armored car to Iron Mtn. or whereever, not some big truck.
Gary Binder
This remedy is insufficient. The credit monitoring is not enough, and should apply to my dependents also, whose data was affected. And why did Be-A-Mess wait 5-6 week before publicizing the breach - putting those affected in further jeopardy. It is hard to believe that BMS wants to, or believes they can, “maintain the trust and confidence” of anyone. I expect class-action lawsuits to arise from this.
concerned
I wonder if they intend on notifying contract employees who may be affected by this or are they going to leave it up to the incompetent reps at the agencies to notify their clients? They have to have some of this personal information on these employees also. It wouldn’t surprise me if they didn’t take any action to protect them being that, at least in one of their companies, they tend to treat the contract employees as “second class workers” or sub-humans and the third rate agency through which they obtain the contractors probably wouldn’t know how to handle it so they won’t do anything thinking if they don’t tell the contractors they’ll never know.
PO'd
I work at bms and got the letter yesterday. WHAT A LOAD OF SH*T FROM THE ASSES IN SUITS. How can a company that prides itself on maintaining intellectual property allow MY FREAKIN DATA TO BE STOLEN.
What a mess. Who’s starting the law suit b/c I’m getting onboard.
VERY PO'D
How is it we have thousands of passwords to get into any and everything at BMS, but they expose us in such a way? Guess I should just publixh the web site and password to all pricing information…and then tell the company OOOPS…SORRY.
vincent
If the greedy corporate honchos would keep data in the USA, this may have been avoided. And when you call India, has anyone been able to understand what is said.
Former employee
It is impossible to understand the telephone operators in the call center in India and they don’t understand you! This is a scary arrangement.
Will Be Suing
I am beginning by writing a letter to James Beslity and Laura Hortas expressing my extreme disappointment - I would suggest everyone else do the same. How dare they give us such a ridiculous solution of 1 year monitoring that only covers one person and one credit agency. Nothing less than total monitoring for ALL members of my household for at least 10 years or more is acceptable. I would also like the moron’s head on a platter who did not encrypt the data. BMS boats high-security yet they fail to do the obvious. What a joke! I hope their information was on the tape too! I’ll see what my lawyer has to say as well cause I’m going to be standing by in case my data is used by these thieves.
Super P'Od
I am an employee and I am stunned by the response to this security breach by BMS. One YEAR of free credit monitoring? What a JOKE!
And for the folks in NY, they are not even covered by the identity theft insurance. So what do they get? A big fat nothing! Ok, so once my credit has been destroyed, I can find out by getting a report from the credit agency. Thanks, so much, Bristol! How very kind of you. If there is a class-action suit started, I want in. And all this that has to be done to protect myself and my spouse WILL be done on work time. Core Behaviors my a$$. Look what you’ve done to me and mine. And all you have to say is……………oh, sorry. BS
BMS Sucks
BMS sucks! That credit monitoring is a total scam. That Triple Advantage service has loads of complaints and lawsuits from THEIR OWN business practices– like not letting you cancel after the free year, and charging you every month, etc.
This needs a Class Action Lawsuit filed immediately!
Not using encryption HAS to violate some serious regulatory rules.
DO NOT PUT UP WITH THIS. TAKE ACTION!
Suzanne
Thank you for posting the BMS letter. My mother, who is retired from BMS, received a similar letter, but there was no information in her letter about an activation code. Her identity was compromised on June 14 when someone posing as my mother made an unauthorized transaction on a bank account that we hold jointly. We now believe the two incidences are related. No money was stolen, as I caught the unauth. transaction just in time. The bank account has been closed and a police report was filed. This identify theft not only affected the account we hold jointly, but also the other joint banking and brokerage accounts that I hold with my husband and adult child, and the joint banking and brokerage account that my mother has with my father. I put a 90-day fraud alert using Equifax (free) on ALL of our credit reports. Equifax is supposed to notify all three credit bureaus. We filed a police report, and now I am in the process of submitting the information to put a 7-year extended fraud alert on her credit report (again free, but you must submit the required paperwork). All our credit cards had to be reissued as well. A major headache for all.