By john-paul kamath
05 Sep 2007
Personal details of over 34,000 Pfizer workers are at risk of identity
theft after a security breach publicly exposed their data.
The pharmaceutical giant confirmed that a former employee accessed and
downloaded copies of confidential information from a Pfizer computer
system without the company's knowledge.
The incident occurred sometime late last year but was discovered by
Pfizer on 10 July, according to Pfizer spokeswoman Shreya Prudlo. The
company started notifying individuals of the breach on 24 August - more
than six weeks after learning of the incident.
"The compromised information does not appear to have been misused," said
Prudlo. The company is offering employees free credit checks under part
of a much wider identity protection programme as a precaution.
This is the third time since June that Pfizer has disclosed a data
breach. The first incident involved the spouse of an employee, who
illegally downloaded and used file-sharing software on a company
computer to access over 17,000 employees' data.
In July, the company reported that two laptops containing confidential
employee data as well as proprietary company information were stolen out
of the locked car of an employee working for Axia, a contractor for
"A growing number of regulations are being placed on businesses to treat
lost data as having been stolen, forcing companies to notify any
individuals whose personal data might have been lost," said Jay Heiser,
Gartner research vice-president. "Organisations that were not overly
concerned about data leakage before are now being forced by regulation
to put mechanisms in place to improve control over data."
Heiser said that until use of encryption on key data becomes routine,
the industry is likely to see an ongoing string of these types of leaks.
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!