Second data breach in less than three months has people wondering what is going on at the giant pharmaceutical company.  Whether or not the frequent data breaches are coming from interested hackers, sloppy security systems, or a mixture of the two has yet to been seen.  However, within months of a delayed alert to 17,000 employees that their personal information had been compromised, another 950 people have been affected in a different breach of the security features of the network.

Connecticut state Attorney General issued a public statement stating how disgusted he was with the way that Pfizer is handling personal information of its employees and clients.  At one point Richard Blumenthal notes that “this information should be treated like cash.”  Pfizer has noticed a drop in its stocks as of late as a result of all the negative attention that it has been receiving in the national media in recent months.  In this incident, it was a consulting firm that was working with Pfizer that actually lost the sensitive information.  Two laptops were stolen from a locked car in Boston at the end of May, but a letter was not sent to the Attorney General for another three weeks and it was only now received by him, which generated his public statement about the disarray of the security in the company.

The consulting firm was Axia Ltd. and they have not issued an apology to the public about the incident.  It would appear that the information was neither password protected or encrypted, which makes the likelihood that it will be used by identity thieves even higher.  Unsecured information is unacceptable in this day and age and Pfizer has vowed that it will completely overhaul its security procedures and is bringing in industry leading experts to make sure that nothing of this sort happens again.  Unfortunately, knowing their recent track record it is difficult to believe the sincerity behind Pfizer.  The information on the laptop contained the names, social security numbers, and addresses of health industry consultants who were working to distribute Pfizer products around the world.

At this point, Pfizer has not said if it will continue to work with Axia Ltd. or if it will provide monitoring services to the nearly 1,000 newly affected individuals.  With the size of the recent breaches, a source who wished to remain anonymous has said that certain employees are considering filing a class action suit against the incompetence of the company and the delayed response before alerting people of the breach.  In the mean time, people are being advised to protect themselves by enrolling in ID theft subscription services.  One of the most popular choices has been Lifelock.  A company mainly known for its commercials with display the social security number of the owner on the side of a truck in downtown New York City, people are turning to it because of its successful track record.  By maintaining ties with Equifax, Trans Union, and Experian, Lifelock helps prevent ID theft before it happens.  While it cannot do anything about personal information getting into the hands of crooks, it can stop them from filing fraudulent loan and credit card applications.  Whenever this type of information appears at a credit bureau fro review, the company contacts its customer to make sure it is valid.  If it is a fraudulent piece of work, then it is prevented from being processed which stops the ID thieves from getting the cash or line of credit they were hoping to establish.

It was revealed today that Pfizer might be in trouble again after they reported another potential data breach–this one affecting over 13,000 company employees. Like several other recent id thefts, this one was initiated by the theft of a company laptop that contained employee records. On the bright side, this time, was that there weren’t any social security numbers stored on the stolen laptop.

An employee was quoted as saying, “How many … times does this have to happen before someone figures out that the people being given access to this info are clearly incompetent and incapable of keeping it secure?”. I’ll go ahead and answer that for you–a LOT. This seems to happen all the time and it’s not just Pfizer that has some incompetent people being charged with safeguarding the identities of their employees.

Although Pfizer has said they’re now going to start encrypting all laptops, this is hardly going to prevent similar problems from arising in the future–like their employee correctly pointed out, when the people in charge of ensuring the safe handling of information can’t be counted upon to be responsible in doing their jobs all of the encryption and upper-level decisions aren’t going to do any good at all. To be cliché about it, an ounce of prevention is worth a pound of cure, but when you can’t even get an ounce of prevention into the right hands…well, then you’re going to be paying for a lot more pounds of cure; tons of cure (if you will).

Now, Pfizer has coupled these efforts with mandatory training for both employees and contractors covering the importance of data security so they’re taking the right steps but shouldn’t they have done this before the first incident last year–or at least before the most recent breach? We all make mistakes, both as individuals and as corporations, but come on, we all have enough to worry about that having to expend our mental energy on having safe identities because we have a job is really just ridiculous.

Fortunately there are several identity theft companies that provide large-scale solutions for companies in situations like Pfizer including Lifelock and their main competitor, Debix. Lifelock has been called upon in many previous cases to put locks down on the credit of affected employees to ensure no harm comes from the theft of private data.