Pfizer Suffers Two Close Data Compromises
Pfizer Inc. has suffered a data breach exposing identifying information of 950 employees. Earlier this year, the company had a similar incident of data breach affecting 17,000 current and ex-employees who could be possible victims of identity theft. The company has notified the recent hack to state Attorney General Richard Blumenthal. The Day reported this on August 13, 2007.
Attorney Bernard Nash wrote a letter to Blumenthal on July 20, 2007 saying that Axia Limited, a management consultancy firm, informed Pfizer on June 14, 2007 about a theft of two laptops of Pfizer from a car that was locked. The letter, which arrived in Blumental's office only recently, said the laptops stolen on May 31, 2007 in Boston contained the names and Social Security numbers of professionals on healthcare who were serving or were considering to serve Pfizer on a contract basis. The Day reported this on August 13, 2007.
Other information on the laptops included identification numbers of some taxpayers, residential business addresses, fax numbers, telephone numbers, e-mail ids and compensation amounts. Nash's letter also noted that passwords on the stolen laptops were protected and there were no evidence of anyone accessing information from them.
The second incident of security compromise occurred just a day after Blumenthal received a letter about the first one.
Reacting to the events, Blumenthal said that he was extremely upset and worried about the information security problems happening so closely. He said that such types of information were equivalent to cash as it has the same cash value to anyone who misuses it, so such information should be properly guarded.
Pfizer and Axia are both adopting measures to strengthen data security, which they regard very seriously, said Lisa M. Goldman of Pfizer's Privacy Office in a letter to the affected people in the recent breach. The Day reported this on August 13, 2007. Axia is enhancing encryption features to all its laptops. Pfizer is restricting the use of Social Security numbers as far as possible and trying everything to improve data security, she said. Pfizer and Axia are keeping track of the situation while a forensic review has been started.
Related article: Pfizer - Ex-Employee Sues for Data Infringement
» SPAMfighter News - 01-09-2007