Walgreens said its mobile app suffered an internal application error that exposed the personal details of some of its users.
Walgreens discovered the leak, which it called in a letter to customers “an error within the Walgreens mobile app personal secure messaging feature,” on January 15. The error allowed “certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app.”
Walgreens said certain messages containing limited health-related information were involved in the leak for a “small percentage” of impacted customers that were on the Walgreens mobile app between January 9, 2020 and January 15, 2020. While no financial information such as Social Security number or bank account information was involved in this incident, the following information might have been viewed by another customer: First and last name; Prescription number and drug name; Store number; and Shipping address where applicable.
Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue, but recommends customers monitor their prescription and medical records.