Pfizer has been having a rough year with respect to data breaches. It turns out that a laptop containing the info for roughly 13,000 Pfizer employees is now in the wind.
From The Day:
The company said late Friday in an e-mail to affected employees, including many at Pfizer Global Research and Development campuses in Groton and New London, that no Social Security numbers were on the encrypted laptop, but names, home addresses, home telephone numbers, employee identification numbers, positions and salaries were possibly compromised by an unencrypted flash drive.
Other information possibly exposed included the departments employees worked in, the Pfizer sites where employees worked, the names of employees’ managers and descriptions of their jobs.
The flash drive contained two worldwide reports with information from various Pfizer divisions, including animal health, finance, human resources, legal and medical, in addition to the local R&D headquarters, which employs about 5,500 people in Groton and New London.
Pfizer said in its e-mail that the company is not required to notify employees about data breaches involving information unlikely to lead to identity theft, but it brought the situation to light“as a matter of transparency and respect for colleagues.â€
You know, we don’t really have to tell you. So, we’re going to be the nice guys and let you know anyway. That way you can feel good about us. Hmm.
The upside being that the laptop was apparently encrypted. But, what of the USB device? Why was it operating al fresco?
Are your USB devices encrypted at the office? Do they need to be? Or better still do you allow them at all by policy?