Data security breach at Pfizer affects thousands
A Pfizer employee removed files exposing 34,000 people to potential identity fraud, according to the company. It was the third data breach at the company in three months.
Pharmaceutical company Pfizer has disclosed a new data breach at the company that exposed as many as 34,000 employees to potential identity fraud.
In a letter sent by Pfizer attorney, Bernard Nash to state attorneys general around the nation, Pfizer said an employee removed copies of confidential information from a Pfizer computer system late last year. It was the third disclosure of a data breach at the New York City-based company in the last three months.
"The person responsible for the breach violated company policy and no longer works at Pfizer," Nash said. "The total number of affected individuals is still an estimate because there is a substantial amount of data to be analysed."
Nash said that Pfizer discovered the breach on 10 July. The letters to attorneys general were dated 23 August, more than seven weeks after Pfizer became aware of the problem and more than eight months after the information was exposed.
According to the letter, the breach involved the names and Social Security numbers of all people affected. The information also included home addresses, telephone numbers, fax numbers, e-mail addresses, credit card numbers, bank account numbers, passport numbers, driver's license numbers, military identification numbers, birth dates, signatures and reasons for termination of employment.
In a letter being sent to affected employees, Pfizer said it has retained Identity Safeguards, a firm specialising in identity theft to provide affected employees with credit protection services. The firm will provide $50,000 of Identity Theft insurance with no deductible, according to the letter.
Pfizer has hired a team of IT pros to investigate its systems after it first discovered a data breach. According to Nash, the company also contacted law enforcement and major national credit agencies.
In June, Pfizer confirmed that a data breach compromised the identities of 17,000 employees. In July, the company disclosed that an employee of a Pfizer contractor had two laptops containing employee data and proprietary information stolen from a car.
