Personal details of over 34,000Pfizerworkers are at risk of identity
theft after a security breach publicly exposed their
data.
The pharmaceutical giant confirmed that a former employee
accessed and downloaded copies of confidential information from a
Pfizer computer system without the company's knowledge.
The incident occurred sometime late last year but was discovered
by Pfizer on 10 July, according to Pfizer spokeswoman Shreya
Prudlo. The company started notifying individuals of the breach on
24 August - more than six weeks after learning of the incident.
"The compromised information does not appear to have been
misused," said Prudlo. The company is offering employees free
credit checks under part of a much wider
identity protection programme as a precaution.
This is the third time since June that Pfizer has disclosed a
data breach. The first incident involved the spouse of an employee,
who illegally downloaded and used file-sharing software on a
company computer to access over 17,000 employees' data.
In July, the company reported that two laptops containing
confidential employee data as well as proprietary company
information were stolen out of the locked car of an employee
working for Axia, a contractor for Pfizer.
"A growing number of regulations are being placed on businesses
to treat lost data as having been stolen, forcing companies to
notify any individuals whose personal data might have been lost,"
said Jay Heiser, Gartner research vice-president. "Organisations
that were not overly concerned about
data leakage before are now being forced by regulation to put
mechanisms in place to improve control over data."
Heiser said that until use of encryption on key data becomes
routine, the industry is likely to see an ongoing string of these
types of leaks.