Pfizer Breach Exposes Details on Estimated 34,000

Date Reported:
8/24/07

Organization:
Pfizer

Contractor/Consultant:
None

Number Affected:
34,000 est.

Types of Data:
Name, Social Security number, home address, home and/or cellular phone number, fax number, email address, credit card number, bank account number, passport number, driver's license number, military identification number, birth date, signature, and reason for termination (as applicable)

Breach Description:
A former Pfizer employee "wrongfully removed copies of confidential information from a Pfizer computer system late last year."  The breach affects current employees, former employees, health care professionals and other individuals.

Reference URL:
http://doj.nh.gov/consumer/pdf/Pfizer4.pdf
http://www.theday.com/re.aspx?re=2f8ed114-d2eb-4ae5-a534-fbcd3a76e5e9

Report Credit:
New Hampshire Attorney General's Office

Response:
The quotes are from Pfizer's official notification sent to the State of New Hampshire and the letter sent to affected individuals.

"This was done without Pfizer’s knowledge or consent, in violation of Pfizer policy. The individual is no longer employed by the Company. Pfizer did not become aware that sensitive personal information had been removed until July 10, 2007."
[Comfyllama] The letter and Pfizer response do not make it clear if the former employee was let go because of the breach or before the breach.  It is also not clear whether the former employee copied the data maliciously or by accident.  ~8 months before it was noticed by the company, eek.

"The number of affected individuals is still an estimate because there is a substantial amount of data to be analyzed; Pfizer has been working with outside consultants to review the exposed data quickly and thoroughly."
[Comfyllama] Expect a revision.

"So far there is no indication that any unauthorized person has used or is misusing the information that was removed from Pfizer."
[Comfyllama] Standard response.  I wonder if these companies share a response template or something.

“We have modified the computer system where this information was stored and enhanced security for other computer systems as well,”

Pfizer is providing two years of credit protection and restoration services through Identity Safeguards (IDS) free of charge.
[Comfyllama] Two years is double the standard.

Commentary:
This has been a bad year for Pfizer and privacy protection.  You have to wonder if this is the last breach or what might be to come.  In May 2007 Pfizer reported a breach affecting 17,000 through an employee's unauthorized use of file sharing software, and in August Pfizer reported 950 records exposed in an Axia (consultant) stolen laptop.

Past Breaches:
May, 2007 - 17,000 Affected
2nd Pfizer Breach of 2007 Affects 950

 