Walgreens e-mail server breached

The Walgreens pharmacy chain has notified many of its customers in New Hampshire and around the country that it experienced “unauthorized access” to e-mail addresses in early December. In an e-mail sent to customers, the Deerfield, Ill.-based company said, “We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. … Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens.” Walgreens also said in the notice that prescription information, account and other personally identifiable information was not at risk because “such data is not contained in the email system, and no access was gained to Walgreens consumer data systems.”
The company also said it “voluntarily contacted the appropriate authorities” and was “working with them regarding this incident.” Michael Polzin, Walgreens spokesman, said he could not give further details of the security breach, such as whether the breach was due to someone hacking into the system or if data was simply left in an unsecure area, but did say, “We have added additional steps before e-mail lists can be viewed and we have also increased monitoring.” Polzin added he didn’t have the number or a geographical breakdown of customers whose e-mail accounts were exposed. Walgreens said customers with questions can call 1-888-980-0963. – CINDY KIBBE/NEW HAMPSHIRE BUSINESS REVIEW