Stolen tape puts Bristol-Myers employee data at risk
Thieves seize tape containing personal data during stopover by third-party vendor
Computerworld - Bristol-Myers Squibb Co. officials last week confirmed that a nonencrypted backup tape containing the personal data of current and former employees and their dependents was stolen on June 4 from a delivery truck carrying the device.
Bristol-Myers spokeswoman Laura Hortas said the New York-based pharmaceutical company began notifying current, former and retired employees by mail on July 12 about the missing backup tape. Bristol-Myers would not disclose how many people are affected by the breach.
However, according to a security breach notification letter sent by the company to the New Hampshire Attorney General's office, the personal data of 458 residents of that state was stored on the stolen tape.
Hortas declined to disclose where the theft occurred or any other circumstances regarding the incident, citing an ongoing investigation by Bristol-Myers and law enforcement authorities. She also would not identify the third-party storage vendor hired by Bristol-Myers to transport the sensitive data.
She did say that thieves broke into the delivery truck during a stopover at an undisclosed facility. Bristol-Myers is currently in the process of ensuring that all data tapes maintained by its third-party storage vendor are encrypted going forward.
"Bristol-Myers Squibb regrets that the incident occurred and is committed to providing appropriate assistance for affected individuals who had their personal information on the data tape," said Hortas, reading from a prepared company statement. "We are committed to protecting the privacy and security of employee and dependent information. Maintaining the trust and confidence of our employees is paramount to Bristol-Myers Squibb."
The stolen computer tape included the names, addresses, birthdays, Social Security numbers, marital status, bank account numbers, salaries, and hiring and termination/retirement dates of the affected employees. In addition, the tape has Social Security and address information about dependents of former and current employees.
Hortas said that data on the missing backup tape is protected by a 12-character password and a jumbled text format that can only be read through "pricey" specialized software. "The tape is not something your average person could just pick up and know how to access," she added.
Bristol-Myers said it has no reason to believe that any data on the tape has been inappropriately accessed or that identity fraud has been committed. The company is offering one year of free credit monitoring and identity theft insurance to all individuals and dependents affected by the data breach.