Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Walgreens Discloses Data Breach Related to Mobile App

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers.

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers.

The Walgreens mobile application allows users to shop, refill their prescriptions, get pill reminders, consult a doctor or pharmacist via a live chat feature, print photos in stores, obtain rewards, and store coupons. The app is used by tens of millions of individuals — the Android application has over 10 million installs and the iOS app has over 50 million.

A notification letter sent out by Walgreens to impacted customers informs them that one or more of their messages within the Walgreens mobile application may have been viewed by other users of the app due to an “error.” The letter was published on February 28 on the website of the California Attorney General.

“Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,” reads the letter signed by Rina Shah, VP of pharmacy operations at Walgreens.

According to Walgreens, some of the exposed messages contained information such as first and last name, prescription number and drug name, store number, and shipping address. The company says social security numbers, bank account information or other financial details were not exposed.

It’s unclear how many customers are affected, but Walgreens says this “limited health-related information” was only leaked for a small percentage of impacted users. The information was exposed between January 9 and January 15, 2020.

“Walgreens promptly took steps to disable the message viewing feature within the Walgreens mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue. Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” Shah wrote.

Related: Target Mobile App Exposed User Data to Public

Advertisement. Scroll to continue reading.

Related: Vulnerability in Marriott Mobile App Exposed Customer Details

Related: Walgreens’ Customer Email List Falls into the Hands of Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...