Stolen tape puts Bristol-Myers employee data at risk
Thieves seize tape containing personal data during stopover by third-party vendor
Computerworld - Bristol-Myers Squibb Co. officials last week confirmed that a nonencrypted backup tape containing the personal data of current and former employees and their dependents was stolen on June 4 from a delivery truck carrying the device.
Bristol-Myers spokeswoman Laura Hortas said the New York-based pharmaceutical company began notifying current, former and retired employees by mail on July 12 about the missing backup tape. Bristol-Myers would not disclose how many people are affected by the breach.
However, according to a security breach notification letter (download PDF) sent by the company to the New Hampshire Attorney General's office, the personal data of 458 residents of that state was stored on the stolen tape.
Hortas declined to disclose where the theft occurred or any other circumstances regarding the incident, citing an ongoing investigation by Bristol-Myers and law enforcement authorities. She also would not identify the third-party storage vendor hired by Bristol-Myers to transport the sensitive data.
She did say that thieves broke into the delivery truck during a stopover at an undisclosed facility. Bristol-Myers is currently in the process of ensuring that all data tapes maintained by its third-party storage vendor are encrypted going forward.
"Bristol-Myers Squibb regrets that the incident occurred and is committed to providing appropriate assistance for affected individuals who had their personal information on the data tape," said Hortas, reading from a prepared company statement. "We are committed to protecting the privacy and security of employee and dependent information. Maintaining the trust and confidence of our employees is paramount to Bristol-Myers Squibb."
The stolen computer tape included the names, addresses, birthdays, Social Security numbers, marital status, bank account numbers, salaries, and hiring and termination/retirement dates of the affected employees. In addition, the tape has Social Security and address information about dependents of former and current employees.
Hortas said that data on the missing backup tape is protected by a 12-character password and a jumbled text format that can only be read through "pricey" specialized software. "The tape is not something your average person could just pick up and know how to access," she added.
Bristol-Myers said it has no reason to believe that any data on the tape has been inappropriately accessed or that identity fraud has been committed. The company is offering one year of free credit monitoring and identity theft insurance to all individuals and dependents affected by the data breach.
Read more about Applications in Computerworld's Applications Topic Center.
- IPv6 Fundamentals IPv6 is needed to sustain the growth of the Internet. The transition from IPv4 will require planning and likely some degree of support...
- Optimize IT Performance & Availability: Four Steps to Establish Effective IT Management Baselines More than ever before, your company's ability to grow hinges on IT performance and availability. Download this how-to report on establishing IT baselines,...
- Considerations for Embracing Wireless Monitoring Employee behavior is once again driving major changes for IT departments - this time it's BYOD. This report details three critical steps to...
- Fixing Intermittent Performance Problems Intermittent performance problems are among the most frustrating and time-consuming issues IT administrators face. Read this white paper and learn how technology advances...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- On-Demand Webinar: Beyond the Enterprise App Store If you already have a few projects that are RED on your project timeline then join us so you can free up your...
One Storefront to Rule Them All
Take the load off managing mobile users with IT service request and delivery across all platforms!
Give your users the on-demand, enterprise app...
All Applications White Papers |