A Major Pharmaceutical Company Data Breach Exposes Customer Personally Identifiable Information
As more businesses place their data in the cloud, including personal information, trade secrets, and intellectual property, the risk of cloud cyberattacks and the need to protect that data both increase.
Cybersecurity researchers recently discovered that Pfizer Inc., a major pharmaceutical company, suffered a significant data breach in which patient information was found exposed on a misconfigured Google Cloud storage bucket (a bucket is a basic container that holds data in the cloud). The exposed data included phone-call transcripts and personally identifiable information of hundreds of customers who called the company’s interactive voice response system asking about refills, side effects and other product-related information. Some of the information dated back to October 2018. Researchers discovered the bucket open to the internet (with no passwords or usernames required) in July of 2020. The bucket was subsequently made private several months later.
The personally identifiable information that was publicly exposed includes Pfizer customers’ full names, home addresses, email addresses, phone numbers, and partial details of health and medical status. The transcripts of customer calls appeared to be part of an automated internal process managing customer queries and complaints, and included transcripts of calls to the automated system as well as conversations with human customer support agents.
According to the published reports, it’s unclear how long the Google bucket was exposed and whether any cybercriminals had any access to it. Hackers could use personally identifiable information in combination with data on medical prescriptions to conduct sophisticated phishing and malware attacks and hijack prescription refills.
According to a recent study, about 6 percent of all Google Cloud buckets are open to the public internet due to system misconfiguration. Cyber-attackers could exploit these vulnerabilities to steal data, compromise websites, and launch further attacks. Companies utilizing cloud storage with Google and other providers should routinely monitor their cloud configurations to ensure the security of their data.
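One way to automate the routine configuration check recommended above, as an added example that is not from the original article or from any company named in it: the script flags buckets whose IAM policy grants a role to `allUsers` or `allAuthenticatedUsers`, and separates grants that are live from those overridden by an enforced public access prevention setting. The inventory is constructed sample data, and the record layout (bucket settings and IAM policy merged into one object) and bucket names are assumptions.

```python
import json

# Principals that mean "anyone on the internet" / "any signed-in Google account".
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample inventory: one record per bucket, combining the bucket's
# publicAccessPrevention setting with its IAM policy. All names are made up.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "example-ivr-transcripts",
   "iamConfiguration": {"publicAccessPrevention": "inherited"},
   "iamPolicy": {"bindings": [
     {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
     {"role": "roles/storage.admin", "members": ["group:ops@example.com"]}]}},
  {"name": "example-static-archive",
   "iamConfiguration": {"publicAccessPrevention": "enforced"},
   "iamPolicy": {"bindings": [
     {"role": "roles/storage.legacyBucketReader", "members": ["allAuthenticatedUsers"]}]}},
  {"name": "example-billing-exports",
   "iamConfiguration": {"publicAccessPrevention": "enforced"},
   "iamPolicy": {"bindings": [
     {"role": "roles/storage.objectAdmin",
      "members": ["serviceAccount:etl@example.iam.gserviceaccount.com"]}]}}
]
""")

def public_bindings(policy):
    """Return sorted (role, member) pairs that grant access to a public principal."""
    return sorted(
        (b["role"], m)
        for b in policy.get("bindings", [])
        for m in b.get("members", [])
        if m in PUBLIC_MEMBERS
    )

def audit(inventory):
    """Classify each bucket as PUBLIC, BLOCKED (public grant present but
    overridden by enforced public access prevention) or PRIVATE."""
    report = {}
    for bucket in inventory:
        grants = public_bindings(bucket.get("iamPolicy", {}))
        pap = bucket.get("iamConfiguration", {}).get("publicAccessPrevention", "inherited")
        status = "PRIVATE" if not grants else ("BLOCKED" if pap == "enforced" else "PUBLIC")
        report[bucket["name"]] = (status, grants)
    return report

if __name__ == "__main__":
    for name, (status, grants) in audit(SAMPLE_INVENTORY).items():
        print(f"{status:8} {name} {grants}")
```

The check reads bucket-level IAM only; buckets without uniform bucket-level access can also expose individual objects through ACLs, which this script does not inspect.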