2 min read

Leaky Pharma Giant Database Exposes Personal Information of US Prescription-Drug Users

Alina BÎZGĂ

October 21, 2020

Leaky Pharma Giant Database Exposes Personal Information of US Prescription-Drug Users

Pharmaceutical giant Pfizer has been exposing private medical information of US prescription-drug users for months, according to vpnMentor’s cybersecurity research team.

The sensitive data was stored on a misconfigured Google Cloud Storage bucket. Researchers even found some information dating back to October 2018, speculating that the database could have been accessible for nearly two years.

“The exposed data related to conversations between Pfizer’s automated customer support software and people using its prescription pharmaceutical drugs, including Lyrica, Chantix, Viagra, and cancer treatments Ibrance and Aromasin,” researchers said.

“In total, there were 100s of transcripts from individuals across the USA, with more being uploaded during our investigation.”

A review of the transcripts revealed additional personal Identifiable Information (PII), including full names, home addresses, email addresses, phone numbers and details of patients’ health and medical status.

The database was secured on September 23, after several failed attempts to contact the pharma giant. The researchers emphasized that it took Pfizer two months to reply to their initial report.

“From the URL you gave, I failed to see how it is important Pfizer data (or even an important data at all),” Pfizer said.

However, after vpnMentor’s investigator sent a sample containing customer information, Pfizer immediately secured the database.

“We then shared a file with a sample of their customers’ PII data that we found in the Google bucket,” researchers added. “After this, they finally secured the bucket, but never replied to our messages again.”

If criminals had stolen the information, customers could face targeted phishing attacks that could lead to further data exposure and even financial losses. Bad actors could have easily tricked victims into revealing financial data by posing as Pfizer customer support representatives and referring to the information in the transcripts.

“If cybercriminals succeeded in tricking a victim into providing additional PII data, they could use this to pursue various forms of fraud, including total identity theft,” vpnMentor researchers noted. “In doing so, they could destroy a person’s financial wellbeing and create tremendous difficulty in their personal lives.”

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Gamers Should Still Take Precautions Despite No Evidence Of User Compromise in Electronic Arts Data Breach Gamers Should Still Take Precautions Despite No Evidence Of User Compromise in Electronic Arts Data Breach
Alina BÎZGĂ

September 16, 2021

3 min read
Have you fallen victim to a data breach? Follow these six steps to protect against possible side effects Have you fallen victim to a data breach? Follow these six steps to protect against possible side effects
Alina BÎZGĂ

September 14, 2021

3 min read
7 Ways to Effectively Secure Your Digital Identity 7 Ways to Effectively Secure Your Digital Identity
Alina BÎZGĂ

September 13, 2021

4 min read