Stolen tape puts Bristol-Myers employee data at risk

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110485

By Brian Fonseca
July 22, 2008
Computerworld

Bristol-Myers Squibb Co. officials last week confirmed that a nonencrypted 
backup tape containing the personal data of current and former employees 
and their dependents was stolen on June 4 from a delivery truck carrying 
the device.

Bristol-Myers spokeswoman Laura Hortas said the New York-based 
pharmaceutical company began notifying current, former and retired 
employees by mail on June 12 about the missing backup tape. Bristol-Myers 
would not disclose how many people are affected by the breach.

However, according to a security breach notification letter (download PDF 
[1]) sent by the company to the New Hampshire Attorney General's office, 
the personal data of 458 residents of that state was stored on the stolen 
tape.

[1] http://doj.nh.gov/consumer/pdf/bristol-myers.pdf

[...]


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml