According to Pfizer, "the breach occurred when the spouse of a Pfizer employee loaded unauthorized software onto the employee's Pfizer laptop computer. The software allowed outsiders access to a number of files, that included the names and social security numbers of the affected Pfizer employees."

Pfizer also writes that 15,700 employees "had their data accessed and copied" and 1,250 "may have had their data copied" by thieves.

Clearly Pfizer is trying to put the blame on the employee who's spouse loaded file sharing software onto a Pfizer computer, and as expected on Pfizer's message board on CafePharma other employees are now asking for this employee's head on a plate.

But is the story that simple?

No company with one hundred thousand employees can assure that each employee always does the right thing, much less their spouses.

What they can and should do is to assure there are appropriate routines and encryption in place to protect sensitive data even if such data is leaked.

Clearly Pfizer didn't care enough to do that.

This data breach will cause major challenges not only for Pfizer employees; the privacy of former employees has also been violated.

The fact that it has been confirmed that our names and social security numbers have been copied by anonymous individuals means that there is a significant likelihood that this information is now being traded on illicit websites; selling these numbers and names to be used in financial fraud and fake documents.

I have not received my letter yet, but I'm checking my mailbox every day.

Thank you, Pfizer!

To view Pfizer's letter to state attorney generals and employees, click here.