The personal health information (PHI) of over 72,000 Walgreens customers has been exposed after looters broke into nearly 200 stores and stole prescriptions.
America’s second-largest pharmaceutical chain contacted impacted customers in July to disclose the data breach. Walgreens spokesperson Jim Cohn told the Philadelphia Inquirer that 180 Walgreens stores had been looted but declined to state which specific ones.
“As part of a comprehensive investigation and review of the damage, we learned there was also limited unauthorized access to certain patient information at some of these damaged locations,” Cohn said in a statement.
Walgreens said that while paper records and filled prescriptions were swiped by looters, no financial information or Social Security numbers belonging to customers were exposed.
In a breach notification letter dated July 24, Walgreens wrote: “Sometime between May 26 and June 5 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens.
“Among the many items stolen were certain items containing health-related information — such as filled prescriptions waiting for customer pick up and paper records.”
Sensitive information exposed in the spate of looting included customers’ full name, address, date of birth/age, phone number, email address, balance rewards numbers and photo ID numbers. Vaccination information was also exposed along with prescription details and clinical and health plan information.
According to data in the Office for Civil Rights (OCR) breach portal, the data breach may have affected 72,143 Walgreens customers.