Now Pfizer employees' spouses suffer data compromise
Fourth security failure to touch Pfizer employees this year
Computerworld - For the fourth time in as many months, some Pfizer Inc. employees have been affected by a compromise involving personal data -- though this time, in a somewhat indirect fashion and not as a result of a security breach at the company itself.
The most recent incident involves Wheels Inc., a Des Plaines, Ill.-based company that leases cars to Pfizer employees and their spouses.
In August, Wheels discovered that an online Web application used to collect information from spouses of Pfizer employees failed to employ proper encryption during the data transfer process, according to Stratford Dick, director of marketing at Wheels. As a result, personal information sent by about 1,800 spouses of Pfizer employees was transmitted in a nonencrypted fashion to Wheels during a two-week period in August, Dick said. The data included names, addresses, dates of birth and driver's license numbers. Social Security numbers were not collected as part of the process, Dick said.
Wheels collects the data in order to conduct a search of motor vehicles records to qualify spouses to drive leased company cars, Dick said.
The compromise was brought to Wheels' attention by an employee's spouse, Dick said, without elaborating on how that person had discovered the problem. Following the discovery of the breach, Wheels shut down the service and made sure data was being encrypted during transmission before turning the service back on again, he said. The company has also reviewed its security practices following the episode, he said, though he provided no further details.
The company does, however, seem to resist characterizing the failure as a breach. "We certainly don't think it was a breach," Dick added. "The term 'breach' implies that our Web site where the information was stored was hacked. There is no indication that the site was hacked or that the information was stolen."
Even though the likelihood of anyone's information having actually been intercepted or stolen during transmission is remote, Wheels has decided to offer two-years' worth of credit monitoring and credit restoration services free of charge to the 1,800 people affected, he said.
This is the fourth data compromise affecting Pfizer since this summer. The first incident surfaced in June, when Pfizer said that an employee had accidentally exposed Social Security numbers and other personal data belonging to about 17,000 of its employees on a peer-to-peer network. The exposure was caused by a file-sharing program the employee had illegally installed on a company-owned system.
A month later, the company reported that two laptops containing confidential employee data as well as proprietary company information were stolen out of the locked car of an employee working for Axia, a contractor for Pfizer.
Then in September, Pfizer Inc. disclosed that the personal data of as many as 34,000 people may have been illegally accessed and downloaded from a company computer system by a former employee. The compromised information included names, Social Security numbers, dates of birth, phone numbers, and bank and credit card information of employees, former employees and health care workers.
Pfizer did not immediately respond to a request for comment for this story.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts