Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Walgreens mobile app leaked some customers’ personal data

Some confidential messages sent to Walgreens customers via its mobile app were viewable by other customers, according to a Walgreens notification letter seen by ZDNet.

The app’s messaging feature allows registered customers to receive pharmacy alerts that include prescription refill notifications.

Walgreens said the data was exposed from January 9 until January 15.

“Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,” the company wrote in the letter.

The pharmacy giant’s investigation into the incident revealed that “certain messages containing limited health-related information were involved in this incident for a small percentage of impacted customers.”

Specifically, the data included a customer’s first and last name, prescription number and drug name, store number, and, in some cases, the shipping address.

The company pointed out that no financial data — including Social Security numbers and bank account information — was involved in the incident. Nevertheless, the idea that highly personal information linked to health matters may have been seen by random strangers is likely to be of some concern to those affected.

The letter from Walgreens also included information on action that affected customers can take to protect their data from misuse, such as tips on identity theft protection.

Walgreens’ mobile app has had more than 10 million installs on Android. The install count for iOS isn’t listed, though it has received more than 2.5 million ratings by those who use it. The app receives high scores on both app stores, making the security error all the more disappointing for those who had placed faith in Walgreens’ ability to look after their data.

We’ve reached out to the Illinois-based company to ask how many of its customers have been affected by the bug and we will update this piece when we hear back.

Of course, this isn’t the first time that a company trusted with customer information has left it exposed online, and it won’t be the last. Just recently, smart-device maker Wyze revealed a number of data breaches that left personal data linked to millions of its customers exposed online, while Microsoft, USPS, and Tumblr, among others, have also suffered similar incidents.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
‘A staggering problem’: Working from home could lead to massive data leaks
man working from home

The corporate security situation right now is like trying to quickly assemble a shelter during a rainstorm, experts say: Even if you get something set up, you're still likely to have some water leaking through.
Everyone working from home, plus a reported increase in attempted cyberattacks means security systems straining under these unique conditions are especially vulnerable to massive hacks and data breaches -- which could be underway right now and may not be reported about for another six months.
“I’m terrified about it” said Ben Goodman, senior vice president of global business and corporate development at ForgeRock. “A lot of users are being thrust into a work from home environment, and they’re not at all used to this.”

It takes a lot to make sure users are properly implementing security best practices, he told Digital Trends -- practices that most companies didn't train for before employees were forced to work remotely.
“I think we’re going to have an unprecedented number of breaches being announced following the pandemic,” said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers.
“The amount of risk is at an all-time high,” agreed Chris Hertz, chief revenue officer for the cybersecurity company DivvyCloud. “If I were a cybersecurity professional, I would not be sleeping right now. It’s a staggering problem.”
An annual survey from DivvyCloud reported that 49% of respondents who use the public cloud in their jobs said “their developers and engineers at times ignore or circumvent cloud security and compliance policies.”
In addition, cyberattacks are on the rise, a trend that was already happening before the pandemic, and now has dramatically increased, said Hertz. 2018 and 2019 saw a record number of ransomware attacks that totaled $5 trillion in damages.
“Right now is one of the most critical periods for IT security professionals that we’ve had in last decades,” Hertz told Digital Trends. “As one of my colleagues says, we’ve planned for hurricanes, earthquakes, tornadoes, but not for a pandemic that would send literally everyone home for six to 12 months. That was never the framework we’re thinking of.”

Read more
Wyze customers hit by online data leak, company confirms
Wyze Sense Starter Kit review

Wyze, maker of smart home devices such as cameras, locks, and lightbulbs, has confirmed several data breaches that left personal data linked to millions of its customers exposed online.

The first leak was spotted by cybersecurity firm Twelve Security and reported on December 26, while the second was reported a short while later by a Wyze community member. Twelve Security suggested the data belonged to as many as 2.4 million Wyze customers.

Read more
Data leak exposes personal info of more than 3,000 Ring users
Ring Stick Up Camera

More than 3,000 Amazon Ring cameras were reportedly compromised this past week, potentially exposing the login credentials of users and possibly enabling hackers easy access to all kinds of information. 

Buzzfeed reports the leaked data could have allowed hackers to access Ring customers’ payment information, camera footage, and video cameras’ history.

Read more