« Who Can't You Trust? | Main | 5 Keys to Securing Your Database »

In what is hopefully not becoming a monthly occurrence, for the third time in three months Pfizer reported a serious data breach. The most recent data breach, reported last week and likely an inside job, resulted in the potential theft of vital personal information of 34,000 current and former employees of the company.

According to Dark Reading, in late June Pfizer reported the loss of around 17,000 employees’ personal information that was exposed through P2P file sharing. Then, about three weeks ago, two laptops with data on 950 employees were reported stolen from a consultant’s car in Boston.

While the first two were seemingly accidental, the most recent bore the hallmarks of an inside job. "The breach developed when a Pfizer employee wrongfully removed copies of confidential information from a Pfizer computer system late last year," the report to the state of New Hampshire says. "This was done without Pfizer's knowledge or consent, in violation of Pfizer policy."

The stolen data includes the names and Social Security numbers of the 34,000 employees exposed. Some of the data also includes home addresses, phone numbers, email addresses, credit card numbers, bank account numbers, driver's license numbers, birth dates, signatures, and reason for termination.

While Pfizer says it has found no evidence of the unauthorized use of the data, they are still looking into it, and have notified those affected and given them access to free credit protection services. The individual who pilfered the data no longer works at the company.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2286