Skip to main content
  1. Home
  2. Mobile
  3. News

Walgreens mobile app leaked some customers’ personal data

Trevor Mogg
By

Some confidential messages sent to Walgreens customers via its mobile app were viewable by other customers, according to a Walgreens notification letter seen by ZDNet.

The app’s messaging feature allows registered customers to receive pharmacy alerts that include prescription refill notifications.

Walgreens said the data was exposed from January 9 until January 15.

“Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,” the company wrote in the letter.

The pharmacy giant’s investigation into the incident revealed that “certain messages containing limited health-related information were involved in this incident for a small percentage of impacted customers.”

Specifically, the data included a customer’s first and last name, prescription number and drug name, store number, and, in some cases, the shipping address.

The company pointed out that no financial data — including Social Security numbers and bank account information — was involved in the incident. Nevertheless, the idea that highly personal information linked to health matters may have been seen by random strangers is likely to be of some concern to those affected.

The letter from Walgreens also included information on action that affected customers can take to protect their data from misuse, such as tips on identity theft protection.

Walgreens’ mobile app has had more than 10 million installs on Android. The install count for iOS isn’t listed, though it has received more than 2.5 million ratings by those who use it. The app receives high scores on both app stores, making the security error all the more disappointing for those who had placed faith in Walgreens’ ability to look after their data.

We’ve reached out to the Illinois-based company to ask how many of its customers have been affected by the bug and we will update this piece when we hear back.

Of course, this isn’t the first time that a company trusted with customer information has left it exposed online, and it won’t be the last. Just recently, smart-device maker Wyze revealed a number of data breaches that left personal data linked to millions of its customers exposed online, while Microsoft, USPS, and Tumblr, among others, have also suffered similar incidents.

Editors' Recommendations

Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Hey look, the iPhone’s Dynamic Island has come to … Android?!?
dynamic island android app dynamicspot
Apple rolls out iOS 16 update to fix frustrating camera-shake, paste bugs
iPhone 14 Pro gets iOS 16.0.2 update.
Pixel Watch design video reveals what Google doesn’t want you to see
Render of the Google Pixel Watch, showcasing its gargantuan bezels.
Apple Watch Ultra review roundup: a truly curious beast
Someone wearing the Apple Watch Ultra while climbing.
How to use the Galaxy Z Fold 4’s massive screen without losing your mind
Samsung Galaxy Z Fold 4.
Best Phone Deals: Save on Google Pixel 6, Galaxy S22 Ultra
Galaxy S22 Ultra and iPhone 13 Pro cameras seen from the back.
Does the iPhone 14 have a 120Hz display?
Someone holding an iPhone 14, showing the Lock Screen.
How to transfer WhatsApp messages from Android to iPhone
Two phones on a table next to each other. One is showing the WhatsApp logo, and the other is running the WhatsApp application.
Best cheap Fitbit deals for September 2022
fitbit versa review version 1522045407 full 19
The Uber hack is an outrageous tale of a teen hacking for fun
An Uber cab
The best Samsung Galaxy S22 screen protectors for 2022
The Samsung Galaxy S22 in hand.
LG’s doomed Rollable phone appears on video to show us what we missed
LG Rollable front, midway through unfolding.