News
News
9/26/2007
01:36 PM
Connect Directly
RSS
E-Mail
50%
50%

Conn. AG Investigating Former Employee Link To Pfizer Data Breach

A former worker's new employer sent Pfizer a DVD containing Pfizer data. The information was allegedly found on the employee's computer at the new job.

The Connecticut Attorney General is investigating a former Pfizer employee in connection with a data breach that compromised personally identifying employee information.

Bernard Nash, an attorney for the world's largest drug maker, said in a letter to the Attorney General that another company sent a package to Pfizer on July 6 that contained a DVD with Pfizer data on it. The information had been found on a computer that the company, which went unnamed in the letter, had assigned to a worker who had formerly been employed at Pfizer, according to Nash's Sept. 21 letter.

After reviewing the information, Pfizer "became aware" that personal information from the Pfizer network was on the DVD, Nash wrote. The company notified a federal prosecutor on Aug. 17 "to explain Pfizer's investigatory efforts, discuss the possibility of prosecution of the responsible individual, and receive input on the most productive use of Pfizer's investigative resources."

A source close to the investigation told InformationWeek that the AG's office is investigating the matter.

Nash's letter noted that the company's network was not breached. "The individual who accessed the data in Pfizer's computer system was, at the time of the access, authorized to do so," he wrote. "The wrongful removal of the data from Pfizer was a violation of Pfizer policy, but no breach of the computer security system occurred."

It was not noted why the person stopped working at Pfizer or where the individual began working next.

Nash reported that the incident compromised employee information, including name, Social Security number, address, cell and home phone numbers, credit card numbers, bank account numbers, driver's license numbers, birth dates, and even signatures.

In mid-August, Pfizer alerted Connecticut Attorney General Richard Blumenthal of the May theft of two company laptops containing personal information of 950 people. It was the second time in two months that a security breach at Pfizer has put the personally identifying information on current and former employees at risk. The earlier security breach exposed information on 17,000 people.

It is not yet clear if Nash's letter about the former employee relates to either of these two breaches or to another breach.

Pfizer could not be reached for comment.

The news comes within a week of online brokerage TD Ameritrade Holding Corp. announcing that a hacker broke into one of its databases and stole personally identifying information on its 6.3 million customers.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.