Conn. AG Investigating Former Employee Link To Pfizer Data Breach
A former worker's new employer sent Pfizer a DVD containing Pfizer data. The information was allegedly found on the employee's computer at the new job.
The Connecticut Attorney General is investigating a former Pfizer employee in connection with a data breach that compromised personally identifying employee information.
Bernard Nash, an attorney for the world's largest drug maker, said in a letter to the Attorney General that another company sent a package to Pfizer on July 6 that contained a DVD with Pfizer data on it. The information had been found on a computer that the company, which went unnamed in the letter, had assigned to a worker who had formerly been employed at Pfizer, according to Nash's Sept. 21 letter.
After reviewing the information, Pfizer "became aware" that personal information from the Pfizer network was on the DVD, Nash wrote. The company notified a federal prosecutor on Aug. 17 "to explain Pfizer's investigatory efforts, discuss the possibility of prosecution of the responsible individual, and receive input on the most productive use of Pfizer's investigative resources."
A source close to the investigation told InformationWeek that the AG's office is investigating the matter.
Nash's letter noted that the company's network was not breached. "The individual who accessed the data in Pfizer's computer system was, at the time of the access, authorized to do so," he wrote. "The wrongful removal of the data from Pfizer was a violation of Pfizer policy, but no breach of the computer security system occurred."
It was not noted why the person stopped working at Pfizer or where the individual began working next.
Nash reported that the incident compromised employee information, including name, Social Security number, address, cell and home phone numbers, credit card numbers, bank account numbers, driver's license numbers, birth dates, and even signatures.
In mid-August, Pfizer alerted Connecticut Attorney General Richard Blumenthal to the May theft of two company laptops containing personal information on 950 people. It was the second time in two months that a security breach at Pfizer had put personally identifying information on current and former employees at risk. The earlier security breach exposed information on 17,000 people.
It is not yet clear if Nash's letter about the former employee relates to either of these two breaches or to another breach.
Pfizer could not be reached for comment.
The news comes within a week of online brokerage TD Ameritrade Holding Corp. announcing that a hacker broke into one of its databases and stole personally identifying information on its 6.3 million customers.