Monday, June 18, 2007

Pfizer's P2P Debacle

Pfizer is the latest corporation to fall victim to an embarrassing case of data loss.

As ComputerWorld reports, the Social Security numbers of 17,000 current and former employees of Pfizer were exposed. What is so interesting is that the exposure happened not because of a misplaced laptop, CD or errant email, but because of a P2P file-sharing program installed on an employee's home laptop. The money quote: "Of that group, about 15,700 individuals actually had their data accessed and copied by an unknown number of persons on a peer-to-peer network." Amazing.

Honestly, I'm surprised this hasn't happened before (maybe it has?). P2P programs are greedy when it comes to what files you have on your computer that get shared with the network. The philosophy for these programs is: the more the better. I remember not too long ago installing a P2P program and realizing that a lot of my school papers were accessible to everyone. I quickly changed the directories that the P2P program was allowed to scan and share, but I easily could have missed this. It sounds like the employee at Pfizer did. I bet Pfizer (and many other corporations) is scrambling to figure out how to stop this from happening again.

Addendum: Apparently, Pharmalot is responsible for the scoop. And here is the original source: a letter from Pfizer to NH's Attorney General (.pdf).


esilverman said...

Hi...Just fyi, Pfizer's security breach was first reported on Pharmalot. You can see the letter Pfizer sent its employees here...

Ed S

Sarah Tavel said...

Ed, Thanks for the comment. Great scoop by Pharmalot! I'll add to my post.