Walgreens app exposes customer prescription data

An “error” in the Walgreens app left some customer data exposed for several days in January.

Pharmacy chain Walgreens is alerting customers that their prescription data and other information may have been exposed thanks to a flaw in the company’s messaging app.

An “error” in the messaging feature of the Walgreens app that customers use to track prescriptions left some of their personal information exposed to other customers between Jan. 9 and Jan. 15, according to Rina Shah, vice president of pharmacy operations. A “small percentage” of customers were affected, she said.

Exposed data included customers’ names, prescription numbers, drug names and, in some cases, shipping addresses. It did not include financial data, Shah said in a letter posted last week to the California attorney general’s website. California law requires companies to report data breaches affecting state residents.

It was unclear precisely how many people were affected by the breach. A Walgreens spokesperson did not immediately respond to a request for comment. The company advised customers to monitor their prescriptions and medical records for suspicious activity.


Shah said that Walgreens discovered the flaw on Jan. 15 and promptly disabled the feature before fixing the app.

“Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” she wrote.

Walgreens has over 9,000 locations across the country, making it the second-largest drugstore chain after CVS. Walgreens filled an estimated 1.2 billion prescriptions in fiscal 2019, according to its website.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
