A Pfizer employee in New Hampshire accidentally dropped a computer hard drive in the trash that had people's names and social security numbers on it. Pfizer has written to the people affected and offered them two years of credit and identity theft monitoring free of charge.
The Pfizer employee discarded the drive on March 26, apparently at home, according to DataBreaches.net. On May 7, Pfizer wrote to the attorney general of New Hampshire to disclose the breach:
I am writing to notify you of a potential data loss involving my client, Pfizer Inc, that occurred when a Pfizer employee inadvertently left a backup hard drive in a box that was discarded in the trash on March 26, 2009. Because the municipality in which this employee resides incinerates the trash within 24 hours after it is picked up, the risk of identity theft associated with this incident is very low.
... the hard drive contained information of approximately 3 residents of your state whose name, and Social Security numbers were potentially exposed. There have been no reports of any misuse of the potentially exposed information.Pfizer sent a letter to the affected people that said:
Pfizer has made arrangements that will enable you to sign up for two years of credit monitoring and identity protection services, if you wish to do so, at our expense.The incident comes after Pfizer had a rash of data breaches in 2007-2008 that affected about 65,000 people nationwide. It instituted new security measures, including encryption for laptops taken offsite, according to The Day.
Image by Flickr user chispita_666, CC.