Pfizer's little problem
For the third straight month, the pharmaceutical giant is reporting a serious security breach that may have resulted in the loss of personal data belonging to current and/or former employees. The most recent breach, reported last week, involves the potential theft of personal data on some 34,000 current and former workers at the company.
A Pfizer spokesman called the breaches “three separate and distinct incidences” that bear no relationship to each other.
(Dark Reading, “Pfizer: Strike Three“)
There are several interpretations that spring to mind. The first is that all are related by poor infosec practice at Pfizer. The second is that Pfizer is doing a better job of honest reporting than other organizations.
If you’re a CEO confronted with these losses, your first instinct is going to be to cover up. To ask what you can do to avoid getting sued. It may make more sense to level with employees, and explain to them what’s going on.
As Rich Mogul points out, “you have to feel for the employees who don’t have much of a choice to go anywhere “more” secure.”
Hard as it is to confront these mistakes, covering it up and being caught is going to be a lot worse.
If only Pfizer made a drug to stiffen backbones.