Pharma Giant Pfizer Exposed Personal Information Of Hundreds Of Prescription Drug Users

Global pharmaceutical company Pfizer exposed the personal information of hundreds of prescription drug users in the US by failing to secure a Google Cloud Storage bucket, according to teiss. This misconfigured bucket, discovered by security researchers at vpnMentor, stored conversations between Pfizer’s automated customer support software and its customers.

According to the researchers, most likely belonged to Pfizer’s US Drug Safety Unit (DSU) and contained transcripts between users of various Pfizer drugs and the company’s interactive voice response (IVR) customer support software.

Experts Comments

October 23, 2020
Jake Moore
Cybersecurity Specialist
ESET
If threat actors had located this gold mine of private and highly personal data, it is highly likely that it would have been exploited with effective follow-on phishing scams. Targeting victims with extremely personal data can be very effective as those affected believe there would be no other way to locate such information. The sender instantly gains the trust of the victim and further damage can quickly occur such as loss of money or even extortion. Employing ethical hackers to constantly.....Read More
If threat actors had located this gold mine of private and highly personal data, it is highly likely that it would have been exploited with effective follow-on phishing scams. Targeting victims with extremely personal data can be very effective as those affected believe there would be no other way to locate such information. The sender instantly gains the trust of the victim and further damage can quickly occur such as loss of money or even extortion. Employing ethical hackers to constantly scan for easy-to-locate data which has been mistakenly placed wide open on the internet can be a very effective way of clamping down on such errors. Internal security staff are usually focused on looking for internal vulnerabilities but often data can leak into the internet which could do a lot of damage should a malicious actor locate it.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.