Pfizer reported that the personal information of about 34,000 current and former employees, health care workers and others has been compromised, the New London Day reports. The incident is Pfizer's third data breach in three months.
The breach occurred in 2006 when a Pfizer employee "wrongly removed copies of confidential information from a Pfizer computer system," according to an Aug. 23 letter from Pfizer to the Connecticut Attorney General Richard Blumenthal (D) and other attorneys general. Pfizer said it was unaware of the breach until July 10.
Pfizer said the exposed data included the names and Social Security numbers for all of the affected individuals, and, in some cases, home addresses, home and/or cell phone numbers, e-mail addresses, credit card numbers, bank account numbers, signatures and reasons for termination of employment, the Day reports.
Lisa Goldman of the Pfizer Privacy Office in a letter to the affected individuals said "there is no indication that any unauthorized person has used or is misusing the information that was removed from Pfizer."
Pfizer said it has selected Identity Safeguards, a company that specializes in preventing identity theft, to provide two years of credit monitoring and fraud-resolution counseling to the affected individuals. Pfizer also will provide $50,000 in identity theft insurance.
"We have modified the computer system where this information was stored and enhanced security for other computer systems as well," Goldman said. The three data breaches have affected a total of about 52,000 people (Howard, New London Day, 9/4).