Posted by: Ken Harthun
data breach, Email security, Identity Theft, Phishing, spam
Walgreens, the national drug store chain, reported a data breach where someone gained unauthorized access to customers’ email addresses. Since I’m a Walgreens customer, I received this message late yesterday:
Dear Valued Customer,
We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.
We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems.
As a company, we absolutely believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident.
We encourage you to continue to be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens.
If you have any questions regarding this issue, please contact us at 1-888-980-0963. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Walgreens Customer Service Team
I am happy to report that I haven’t seen any spam that I can identify as being related to the breach.
If you are a Walgreens customer, be sure to use caution and don’t blindly assume that a message you receive from them, especially if it asks for personal information, is valid. Here are several tips from US-CERT you should put into practice for ALL of your emails:
- Filter spam
- Don’t trust unsolicited email
- Treat email attachments with caution
- Don’t click links in email messages
- Install antivirus software and keep it up to date
- Install a personal firewall and keep it up to date
- Configure your email client for security
Be careful out there!