Pfizer Worker Exposes Company Data with P2P Software
Pfizer Worker Exposes Company Data with P2P Software
June 15, 2007: A worker from the pharmaceutical giant Pfizer in the US has inadvertently exposed the personal details of up to 17,000 company employees after a mishap with a peer-to-peer (P2P) file sharing program.
According to Reuters, a P2P program was installed on a company laptop without authorisations, after which the employee’s spouse accidentally shared a folder containing the data and exposed the details of both current and former Pfizer employees.
Names, social security numbers and addresses may have been exposed during the slip up, leading Pfizer’s lawyers to launch into a flurry of letter writing, warning past and present employees and offering them free credit monitoring for a year, costing the company US$25,000.
“Immediately after Pfizer learned of this incident we retrieved the laptop, disabled the unauthorized file sharing software, and conducted an investigation to determine which files, if any, were exposed,” reads the letter according to Reuters.
“Although our investigation revealed that files containing names and social security number data were exposed to and, in some instances, accessed by one or more unauthorised persons over a 'peer to peer' network, we are unable to determine the identity or location of those persons, or whether any particular file was opened or examined,” the letter continued.
Data leaks such as this can be both costly and damaging to a company, and as technology makes it easier and easier for us to store, transport and share vast quantities of data the risk of data exposure and theft is rapidly increasing. Security technology is getting better, but at the end of the day employee vigilance can be the only real defence.
Comment on this story