Firm Warns Consumers of Data-Security Breach

A data breach that has already hit a range of companies in financial services and retailing has also affected drug giant GlaxoSmithKline PLC, which warned consumers in a letter over the weekend that their email addresses and names “were accessed by an unauthorized third party.”

Glaxo said the breach affected consumers who have registered with Glaxo Web sites for some prescription and nonprescription drugs and products.  A Glaxo spokeswoman declined to name the product sites affected.

The company is one of the world’s largest drug makers, selling products ranging from medication for asthma, HIV and depression to Nicorette gum.

Glaxo said in its letter that the stolen information “may have identified the product website on which you registered.”

Glaxo is one of many companies that have used Epsilon Data Management LLC, a division of Alliance Data Systems Corp, to handle its email marketing campaigns.  Earlier this month, Epsilon said an “unauthorized third party” had hacked into its system and accessed customer information.

Glaxo said one of the “primary concerns” arising from the breach is that consumers may be targeted with illegal “phishing” emails, which pretend to be from an official source such as a company or bank, and seek to get people to divulge information such as Social Security numbers.  Glaxo warned consumers no to respond to such emails.