Pfizer Inc., criticized by security professionals after a data breach exposed 17,000 employees and former employees to possible identity theft earlier this year, has notified state Attorney General Richard Blumenthal of another incident, this time affecting 950 people.
"I am deeply disturbed and troubled by these continuing security problems with information that should be closely safeguarded," Blumenthal said today. "This kind of information should be treated as if it was cash because it has the same value as cash to someone who might misuse it."
In a letter dated July 20 but received just recently by Blumenthal's office, attorney Bernard Nash said a management consulting company named Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who "were providing or considering providing contract services for Pfizer," according to the letter.
Pfizer, which let six weeks pass before notifying 17,000 employees about a data breach in the earlier incident, let five weeks go by before publicly acknowledging the latest breach. Pfizer said, however, it did not determine until June 19 that personal information had potentially been exposed.
Coincidentally, the second security breach occurred only one day after a letter was sent to Blumenthal about the first incident.