Walgreens Learns of Unauthorized Disclosure of Secure Messages Within Walgreens Mobile App – Certain Personal Information May Have Been Exposed

Kehoe Law Firm, P.C. is making consumers aware that Walgreens reported a data breach on February 28, 2020 to the California Attorney General.  In the data breach notification letter to the California Attorney General, Walgreens stated, among other things that:

[Walgreens] recently learned of unauthorized disclosure of one or more of your secure messages within the Walgreens mobile app. [Walgreens is] contacting you to provide you with information about the incident and also with information about steps you can take to protect yourself.

. . . 

On January 15, 2020, Walgreens discovered an error within the Walgreens mobile app personal secure messaging feature. [Walgreens’] investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once [Walgreens] learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue.

As part of [the] investigation, Walgreens determined that certain messages containing limited health-related information were involved in this incident for a small percentage of impacted customers. [Walgreens] believe[s] that you were part of the impacted customer group and that one or more personal messages containing your limited health-related information may have been viewed by another customer on the Walgreens mobile app between January 9, 2020 and January 15, 2020.

. . .

[Walgreens] investigation determined the following information might have been viewed by another customer:

• First and last name

• Prescription number and drug name

• Store number

• Shipping address where applicable

No financial information such as Social Security number or bank account information was involved in this incident. [Emphasis added.]

ZDNet.com reported (“Walgreens says mobile app leaked users’ personal data“) that “[t]he company did not say how many of the app’s users were impacted by the bug, but it did say that sensitive drugs prescription details were only exposed for a small percentage of the total users who were affected.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.