Personal details of over 34,000 Pfizer workers are at risk of identity theft after a security breach publicly exposed...
The pharmaceutical giant confirmed that a former employee accessed and downloaded copies of confidential information from a Pfizer computer system without the company's knowledge.
The incident occurred sometime late last year but was discovered by Pfizer on 10 July, according to Pfizer spokeswoman Shreya Prudlo. The company started notifying individuals of the breach on 24 August - more than six weeks after learning of the incident.
"The compromised information does not appear to have been misused," said Prudlo. The company is offering employees free credit checks under part of a much wider identity protection programme as a precaution.
This is the third time since June that Pfizer has disclosed a data breach. The first incident involved the spouse of an employee, who illegally downloaded and used file-sharing software on a company computer to access over 17,000 employees' data.
In July, the company reported that two laptops containing confidential employee data as well as proprietary company information were stolen out of the locked car of an employee working for Axia, a contractor for Pfizer.
"A growing number of regulations are being placed on businesses to treat lost data as having been stolen, forcing companies to notify any individuals whose personal data might have been lost," said Jay Heiser, Gartner research vice-president. "Organisations that were not overly concerned about data leakage before are now being forced by regulation to put mechanisms in place to improve control over data."
Heiser said that until use of encryption on key data becomes routine, the industry is likely to see an ongoing string of these types of leaks.