Pfizer is being investigated by Connecticut Attorney General Richard Blumenthal after they suffered a data breach, including Social Security numbers, affecting 17,000 current and former Pfizer employees, 300 of which are in Connecticut. The data breach resulted from an employee installing unauthorized file-sharing software onto a laptop. The data subsequently appeared on the web.

The Connecticut Attorney General’s Office issued a letter to Pfizer (read it here) requesting that Pfizer take steps to protect its employees and to help those who have been compromised. The Attorney General is also asking that Pfizer provide additional details of the breach to the public, and what it plans to do to handle personal information and security issues.

Compromise of consumer and customer financial information is unacceptably and appallingly common. Pfizer and other companies have a legal and moral responsibility to protect private information. Corporations must make massive improvements in handling and securing sensitive employee and customer data, such as social security numbers and other vital information. Lax information security is an identity thief’s dream and a consumer’s nightmare. Loss of sensitive personal data can create long-lasting and far-ranging problems — ruined credit, difficulty in obtaining loans, harassing calls seeking payment of debts not owed — that take years to resolve.

Pfizer does not know how much information was accessed or copied when the data was breached to the web. Pfizer has sent a letter to employees – although with scarce details – and will pay for employee insurance costs resulting from the breach. Connecticut Attorney General Richard Blumenthal asks that, in addition to more information, that Pfizer freeze employee credit ratings and cover those fees.

Via CNET & CNN Money ; Tags: , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati