Pfizer Learns The Hard Way About File Sharing Software
It exposed the names and Social Security numbers of as many as 17,000 employees.
The data was grabbed from a Pfizer employee's computer through peer-to-peer file-sharing software that was installed by the employee's spouse. Pfizer told the Attorney General of New Hampshire, where 98 of the employees live, that data on 15,700 of them has been accessed and copied. Data on another 1,250 employees may have been exposed.
Pfizer is informing all of these people and has until June 22 to answer a long list of questions--how did it happen, what was exposed, and so on--from the Attorney General of Connecticut, where other Pfizer employees live. He says he is "aggressively and vigorously investigating" this breach.
Unfortunately for Pfizer, peer-to-peer software is a huge security risk. Many people don't know how to configure it so they're not accidentally sharing the contents of their entire hard drives with the rest of the world. As Howard Schmidt, a former cybersecurity advisor to President Bush, has pointed out many times, there's lots of "private" information floating around online--everything from medical records to network passwords to homeland security audits, all snatched through peer-to-peer software installed on somebody's computer.
Too bad Pfizer had to find out like this. Here's a link to the Pharmalot blog, which broke the story. Pfizer did not return a call seeking comment.