A laptop stolen from a Pfizer employee’s car in April contained personal information on employees, health care professionals, service providers, and customers. In some cases, employees’ Social Security Numbers were included as well as names, addresses, and telephone numbers. It is not clear what types of data were involved for health care professionals or customers.
By letter dated June 10 to the New Hampshire Attorney General’s Office, Pfizer’s lawyers informed the state that the laptop was stolen on April 22. Sadly, although the laptop was reportedly encrypted and “equipped with an addition PIN-protected electronic locking mechanism,” the attorneys note that it was “possible that the encryption password may have been compromised.” There was no indication that the PIN or the locking mechanism were compromised, however.
I wonder what the employee did. Did s/he leave the password on a post-it taped to the laptop or what?
In a nice touch in their notification letter, Pfizer not only offered those affected two years’ worth of services and credit restoration coverage, but it also wrote, “we encourage you to take full advantage of the Pfizer-sponsored free credit and identity protection services, as well as other resources to secure your personal information.”