Walgreens app exposes customer prescription data

Pharmacy chain Walgreens is alerting customers that their prescription data and other information may have been exposed thanks to a flaw in the company’s messaging app.

An “error” in the messaging feature of the Walgreens app that customers use to track prescriptions left some of their personal information exposed to other customers between Jan. 9 and Jan. 15, according to Rina Shah, vice president of pharmacy operations. A “small percentage” of customers were affected, she said.

Exposed data included customers’ names, prescription numbers, drug names and, in some cases, shipping addresses. It did not include financial data, Shah said in a letter posted last week to the California attorney general’s website. California law requires companies to report data breaches affecting state residents.

It was unclear precisely how many people were affected by the breach. A Walgreens spokesperson did not immediately respond to a request for comment. The company advised customers to monitor their prescriptions and medical records for suspicious activity.

Shah said that Walgreens discovered the flaw on Jan. 15 and promptly disabled the feature before fixing the app.

“Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” she wrote.

Walgreens has over 9,000 locations across the country, making it the second largest drugstore chain after CVS. Walgreens filled an estimated 1.2 billion prescriptions in fiscal 2019, according to its website.