Connecticut AG Investigating Pfizer (NYSE: PFE) Data Security Breach Affecting 17,000 Employees
Connecticut Attorney General's (AG) Office is investigating a data security breach at Pfizer Inc. (Press Release: http://www.ct.gov/ag/cwp/view.asp?Q=383962&A=2788). The information of 17,000 current and former employees including names, social security numbers, and some payroll information including bonuses. The information was compromised on a laptop that had file sharing (peer-to-peer) network software installed and exposed the confidential information to third parties. In a letter (http://www.ct.gov/ag/lib/ag/consumers/pfizerdatabreachletter.pdf) dated June 6, 2007, Connecticut AG Richard Blumenthal asked Pfizer to explain in detail the policies and actions Pfizer takes to protect sensitive information.
As a security professional, I applaud AG Blumenthal's quick action to open an investigation into any incident that demonstrates irresponsible behavior towards the protection of personal information by any organization.
In today's era of security breaches, organizations must be more careful about storing sensitive personal information on laptops and making sure that their employees understand their responsibility for protecting that sensitive information. We have the technology today and the lessons of the past to be able to effectively protect sensitive information. It is time to end the excuses and get serious about the protection of personal information.
Comments