USA: Walgreens notifies OCR of data security incident
Walgreens Co. notified, on 24 July 2020, the Department of Health and Human Services' Office of Civil Rights ('OCR') of a data security incident involving 72,143 potential victims. In particular, in a data breach notification letter ('the Notification Letter') submitted to the California Office of the Attorney General, Walgreens notes that, on 15 January 2020, an error was discovered in the Walgreens mobile app personal secure feature. An investigation found that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Finally, the Notification Letter states that the investigation determined that the information that may have been viewed includes first and last names, prescription number and drug name, and store number.