Security Breach of Personal Information at Pfizer

In a recent data breach affecting Pfizer Inc., the Social Security numbers of nearly 17,000 existing and earlier employees were posted online along with the bonus information of many. The company is investigating the security breach.

According to Pharmalot, a Web site that deals with news and comments relating to the health industry, a female employee of Pfizer working on her laptop at home used file-sharing software that resulted in the security breach and exposed data to more than one third parties.

Pfizer is not sure if any individual has actually committed the information theft. According to initial investigation, data of nearly 15,700 people was accessed and copied while data compromise of about 1,250 might have occurred, the company said.

Connecticut Attorney General, Richard Blumenthal said he had requested Pfizer to adopt specific measures to protect its staff. Reuters published this on June 11, 2007. Blumenthal has also asked Pfizer to encourage employees to get their credit bureaus to impose a 'security freeze' that would not allow disclosure of their credit statements without the owner's permission.

According to a statement that Lisa M. Goldman in Pfizer's privacy office in New York released, the final investigation does not suggest that personal information other than names, addresses, Social Security numbers, and bonus information was exposed. Theday.com reported this on June 11, 2007. The statement further said that since the lady with the laptop was using an Internet connection outside the company network, there was no risk for other data stored in that network.

Pfizer has withheld the laptop and disabled the file-sharing program. The investigation is on in the matter. The company has also established a call center via Experian, the agency reporting on people's credit holdings to benefit employees in looking after their credit.

Pfizer has decided to provide twelve months of credit monitoring to affected employees at the company's expense. The employees could continue using the service even if no suspicious activity in the initial reports arises. The company would also disburse $25,000 as insurance for identity theft to affected employees at no deductible cost from a third party designated as the insurer.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 6/26/2007