Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Walgreens’ Customer Email List Falls into the Hands of Hackers

A recent incident has resulted in the email addresses of some Walgreens customers who receive special offers and newsletters from the company to fall into the hands of cybercrimals.

A recent incident has resulted in the email addresses of some Walgreens customers who receive special offers and newsletters from the company to fall into the hands of cybercrimals.

As a result, customers were spammed with email messages asking them visit another site (hosted by a cybercriminal) and enter personal data.

The company emphasized that only email addresses were obtained and that no personally identifiably information was collected as a result of the unauthorized access, as such data is not contained in the email system, and no access was gained to Walgreens consumer data systems.

A spokesperson from Walgreens said that company has voluntarily contacted the appropriate authorities and are working with them regarding the incident.

The company declined to comment on the number of email addresses that may have been obtained. The company has not responded as of publishing time on if the email data was hosted internally or with a third party email services provider.

The official statement provided to SecurityWeek from Walgreens is as follows:

“We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. Customer passwords, account information, prescription and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems. Although only email addresses were obtained, we believe it is important to inform our customers that, as a result, they may have received spam email messages asking them to go to another website and enter personal data.”

Advertisement. Scroll to continue reading.

Related News: Major Retailer Suffers System Intrusion – Payment Systems Compromised

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.