Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Pfizer suffers third data breach

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 6 Sep 2007 00:06:39 -0500 (CDT)
http://www.computerweekly.com/Articles/2007/09/05/226586/pfizer-suffers-third-data-breach.htm

By john-paul kamath
05 Sep 2007

Personal details of over 34,000 Pfizer workers are at risk of identity 
theft after a security breach publicly exposed their data.

The pharmaceutical giant confirmed that a former employee accessed and 
downloaded copies of confidential information from a Pfizer computer 
system without the company's knowledge.

The incident occurred sometime late last year but was discovered by 
Pfizer on 10 July, according to Pfizer spokeswoman Shreya Prudlo. The 
company started notifying individuals of the breach on 24 August - more 
than six weeks after learning of the incident. 

"The compromised information does not appear to have been misused," said 
Prudlo. The company is offering employees free credit checks under part 
of a much wider identity protection programme as a precaution.

This is the third time since June that Pfizer has disclosed a data 
breach. The first incident involved the spouse of an employee, who 
illegally downloaded and used file-sharing software on a company 
computer to access over 17,000 employees' data.

In July, the company reported that two laptops containing confidential 
employee data as well as proprietary company information were stolen out 
of the locked car of an employee working for Axia, a contractor for 
Pfizer.

"A growing number of regulations are being placed on businesses to treat 
lost data as having been stolen, forcing companies to notify any 
individuals whose personal data might have been lost," said Jay Heiser, 
Gartner research vice-president. "Organisations that were not overly 
concerned about data leakage before are now being forced by regulation 
to put mechanisms in place to improve control over data."

Heiser said that until use of encryption on key data becomes routine, 
the industry is likely to see an ongoing string of these types of leaks.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/
Previous By Date Next
Previous By Thread Next

Current thread: