Advertisement
Subscribe to our daily newsletter.
Subscribe

Burglars expose Walgreens customer data in a different kind of breach

It's a reminder that physical attacks can trigger breach notifications.

By

Walgreens
Customers’ health insurance and vaccination information may have been swept up the breach, Walgreens said, but credit card data and Social Security numbers were not affected. (Getty Images)

Groups of unidentified thieves broke into multiple Walgreens stores in late May and early June and stole prescription information and other data on some 70,000 customers, a spokesman for the pharmacy chain said Monday.

The assailants forced their way behind pharmacy counters and stole drug prescriptions, and also took a “very limited number of hard drives attached to stolen cash registers,” according to a letter Walgreens sent affected customers. Customers’ health insurance and vaccination information may have been swept up in the breach, Walgreens said, but credit card data and Social Security numbers were not affected.

“Like many retailers, pharmacies and local businesses across the country, Walgreens recently had a number of its stores sustain varying degrees of damage as a result of vandalism and theft,” Walgreens spokesman Jim Cohn said. “Protecting our customers’ personal information is a top priority and something we take very seriously.  We’ve worked with local law enforcement, and are continuing to take steps to assist and notify customers who may have been impacted.”

Cohn said Walgreens was not aware of any fraud stemming from the burglaries. To prevent fraud, Walgreens said it cleared and then re-entered the affected prescriptions into its computer systems. The notification letter was posted on the California attorney general’s website. California law requires companies to report data breaches affecting state residents.

Advertisement

The incidents are a reminder that, as health care organizations try to guard their networks from hackers, physical attacks can also compromise sensitive customer data. As the second largest drugstore chain in the U.S. after CVS, Walgreens hosts a wealth of data that criminals could profit from on underground online forums.

The law forced another breach disclosure from Walgreens in March, when the pharmacy chain said that a flaw in the Walgreens app had exposed a “small percentage” of customer data, such as prescription numbers and drug names, for a week in January.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Cisco’s Jane Zipoli on how cloud services affect real-time threat detection

Government

Technology

Threats

Geopolitics