Pfizer Inc. disclosed a new data breach at the company that exposed as many as 34,000 employees to potential identity fraud.
In a letter sent by Pfizer attorney, Bernard Nash to state attorneys general around the nation, the pharmaceutical
"The person responsible for the breach violated company policy and no longer works at Pfizer," Nash said. "The total number of affected individuals is still an estimate because there is a substantial amount of data to be analyzed."
Nash said that Pfizer discovered the breach on July 10. The letters to attorneys general were dated Aug. 23, more than seven weeks after Pfizer became aware of the problem and more than eight months after the information was exposed.
According to the letter, the breach involved the names and Social Security numbers of all people affected. The information also included home addresses, telephone numbers, fax numbers, e-mail addresses, credit card numbers, bank account numbers, passport numbers, driver's license numbers, military identification numbers, birth dates, signatures and reasons for termination of employment.
In a letter being sent to affected employees, Pfizer said it has retained Identity Safeguards, a firm specializing in identity theft to provide affected employees with credit protection services. The firm will provide $50,000 of Identity Theft insurance with no deductible, according to the letter.
Pfizer has hired a team of IT pros to investigate its systems after it first discovered a data breach. According to Nash, the company also contacted law enforcement and major national credit agencies.
In June, Pfizer confirmed that a data breach compromised the identities of 17,000 employees. In July, the company disclosed that an employee of a Pfizer contractor had two laptops containing employee data and proprietary information stolen from a car.