follow-up: Conn. AG Investigating Former Employee Link To Pfizer Data Breach

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/showArticle.jhtml?articleID=202101944

By Sharon Gaudin
InformationWeek
September 26, 2007

The Connecticut Attorney General is investigating a former Pfizer employee 
in connection with a data breach that compromised personally identifying 
employee information.

Bernard Nash, an attorney for the world's largest drug maker, said in a 
letter to the Attorney General that another company sent a package to 
Pfizer on July 6 that contained a DVD with Pfizer data on it. The 
information had been found on a computer that the company, which went 
unnamed in the letter, had assigned to a worker who had formerly been 
employed at Pfizer, according to Nash's Sept. 21 letter.

After reviewing the information, Pfizer "became aware" that personal 
information from the Pfizer network was on the DVD, Nash wrote. The 
company notified a federal prosecutor on Aug. 17 "to explain Pfizer's 
investigatory efforts, discuss the possibility of prosecution of the 
responsible individual, and receive input on the most productive use of 
Pfizer's investigative resources."

A source close to the investigation told InformationWeek that the AG's 
office is investigating the matter.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml