Pfizer appears to be having an especially hard time of late keeping its employee data secure.
The pharmaceutical giant today confirmed that as many as 34,000 of its employees may be at risk of identity theft after a former employee illegally accessed and download copies of confidential information from a Pfizer computer system without the company's knowledge. The compromised information included, names, Social Security numbers, dates of birth, phone numbers and bank and credit card information.
The incident occurred sometime late last year but was discovered by Pfizer only on 10 July, according to Pfizer spokeswoman Shreya Prudlo. The company started notifying individuals of the breach on 24 August – more than six weeks after learning of the incident.
Prudlo did not say when or where exactly the breach occurred or how the company discovered it. Nor did she say why Pfizer waited for so long to inform affected individuals of the incident. So far, at least, the compromised information doesn't appear to have been misused, she said.
The story of the compromise was first reported by The Detroit News, which claimed to have received a copy of the letter Pfizer sent out to those affected by the breach.
This is the third time since June that Pfizer has disclosed a data breach. The first incident involved the potential compromise of personally identifiable information belonging to about 17,000 people when the spouse of an employee illegally downloaded and used file-sharing software on a company computer. As it did after the just disclosed breach, Pfizer waited more than six weeks after learning of that incident to inform affected individuals that their data had been compromised.
Then in July the company reported that two laptops containing confidential employee data as well as proprietary company information were stolen out of the locked car of an employee working for Axia, a contractor for Pfizer.