Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Walgreens mobile app leaked some customers’ personal data

Some confidential messages sent to Walgreens customers via its mobile app were viewable by other customers, according to a Walgreens notification letter seen by ZDNet.

The app’s messaging feature allows registered customers to receive pharmacy alerts that include prescription refill notifications.

Walgreens said the data was exposed from January 9 until January 15.

“Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,” the company wrote in the letter.

The pharmacy giant’s investigation into the incident revealed that “certain messages containing limited health-related information were involved in this incident for a small percentage of impacted customers.”

Specifically, the data included a customer’s first and last name, prescription number and drug name, store number, and, in some cases, the shipping address.

The company pointed out that no financial data — including Social Security numbers and bank account information — was involved in the incident. Nevertheless, the idea that highly personal information linked to health matters may have been seen by random strangers is likely to be of some concern to those affected.

The letter from Walgreens also included information on action that affected customers can take to protect their data from misuse, such as tips on identity theft protection.

Walgreens’ mobile app has had more than 10 million installs on Android. The install count for iOS isn’t listed, though it has received more than 2.5 million ratings by those who use it. The app receives high scores on both app stores, making the security error all the more disappointing for those who had placed faith in Walgreens’ ability to look after their data.

We’ve reached out to the Illinois-based company to ask how many of its customers have been affected by the bug and we will update this piece when we hear back.

Of course, this isn’t the first time that a company trusted with customer information has left it exposed online, and it won’t be the last. Just recently, smart-device maker Wyze revealed a number of data breaches that left personal data linked to millions of its customers exposed online, while Microsoft, USPS, and Tumblr, among others, have also suffered similar incidents.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Wyze customers hit by online data leak, company confirms
Wyze Sense Starter Kit review

Wyze, maker of smart home devices such as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firm Twelve Security and reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

Read more
Data leak exposes personal info of more than 3,000 Ring users
Ring Stick Up Camera

More than 3,000 Amazon Ring cameras were reportedly compromised this past week, potentially exposing the login credentials of users and possibly enabling hackers easy access to all kinds of information. 

Buzzfeed reports the leaked data could have allowed hackers to access Ring customers’ payment information, camera footage, and video cameras’ history.

Read more
T-Mobile hack may have affected around a million customers

T-Mobile customers have been caught up in a recent hack, the company said on Friday.

T-Mobile told TechCrunch that “less than 1.5%” of its customers had been affected, meaning around a million people may have had their data compromised in the incident.

Read more