Feeds

Second security breach hits Pfizer

Another cock-up at Viagra manufacturer

Protecting against web application threats using SSL

Personal details of workers at pharmaceutical giant Pfizer have been exposed to potential theft for the second time in two months.

The latest security cock-up involving the Viagra maker concerns the theft of two laptops containing details of 950 Pfizer contract workers from the car of an employee of consulting firm Axia. The machines were turned off and password protected but data on their hard discs was not encrypted. Information on the laptops contained the names and social security numbers of workers at the drug firm, among other things.

The theft of the laptops occurred on 31 May but Pfizer only wrote to workers on 21 July, following an investigation.

News of the slip-up follows two months after it emerged that personal information on more than 17,000 current and former employees at the pharmaceutical giant leaked onto a P2P network. Unauthorised installation of a P2P package on a company laptop led to the exposure of worker data, presumably after a directory holding the information was inadvertently offered up for sharing. Casual use of file sharing by the spouse of an unnamed Pfizer worker was blamed for the breach.

Workers were notified of the P2P breach on 1 June around six weeks after the fact. The breach prompted Pfizer attorney Bernard Nash to send letters to attorneys generals in states where potentially hit workers reside. The Connecticut Attorney General's Office followed up this letter with requests for more information about the breach, which affected 305 Pfizer workers who are resident in the state. Richard Blumenthal expressed concerns about the time Pfizer took to notify workers about the breach

The continued dialogue between Blumenthal and Nash over the issue led to public disclosure of the laptop theft breach. Pfizer has promised to offer affected workers a years free credit monitoring in the case of both breaches. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.