Pharma Giant Pfizer Exposed Personal Information Of Hundreds Of Prescription Drug Users

By   ISBuzz Team
Writer , Information Security Buzz | Oct 23, 2020 02:19 am PST

Global pharmaceutical company Pfizer exposed the personal information of hundreds of prescription drug users in the US by failing to secure a Google Cloud Storage bucket, according to teiss. This misconfigured bucket, discovered by security researchers at vpnMentor, stored conversations between Pfizer’s automated customer support software and its customers.

According to the researchers, most likely belonged to Pfizer’s US Drug Safety Unit (DSU) and contained transcripts between users of various Pfizer drugs and the company’s interactive voice response (IVR) customer support software.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
October 23, 2020 10:19 am

If threat actors had located this gold mine of private and highly personal data, it is highly likely that it would have been exploited with effective follow-on phishing scams. Targeting victims with extremely personal data can be very effective as those affected believe there would be no other way to locate such information. The sender instantly gains the trust of the victim and further damage can quickly occur such as loss of money or even extortion.

Employing ethical hackers to constantly scan for easy-to-locate data which has been mistakenly placed wide open on the internet can be a very effective way of clamping down on such errors. Internal security staff are usually focused on looking for internal vulnerabilities but often data can leak into the internet which could do a lot of damage should a malicious actor locate it.

Last edited 2 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x