Report claims Walgreens is aware of breach but hasn’t fixed it
Walgreens’s COVID-19 test appointment registration system has exposed customers’ personal information online for months — and still does — according to a new report.
Technical consultant Alejandro Ruiz discovered the alleged breach in March, when one of his family members registered for a trial through the site, Vox records. informed of Monday. Ruiz stated that Walgreens was unresponsive when he brought the issue to the company’s attention via phone, email, and his own online security form, and that it was time for Recode to resolve the issue before publication to the company. Despite giving, the problem is still not fixed.
T-Mobile hit with class-action lawsuits over data breach
According to the outlet, a slew of information about any of the millions of Americans registered with Walgreens for testing can be viewed at an assigned URL of someone who has access to a customer’s browsing history, such as an employer. who has access to the customer’s computer. It’s also possible that sensitive information – including dates of birth, postal addresses and users’ email addresses – could be accessed by a “determined hacker” who uses bots to guess the specific URL for a user’s registration page. trying to use.
Recode pointed out, “But, given how many characters are in the ID and therefore how many combinations, [experts] Said that it would be nearly impossible to find just one active page this way – even one with millions.”
When reached by Granthshala Business for response to the article, Walgreens pointed to that line, while Recode said, “Of course, the near impossible does not equate to impossible.”
“Protecting the personal information of our customers and patients is a top priority,” Walgreens said in its official statement to Granthshala Business. “They trust us with their health and wellness needs, and we take that responsibility seriously. This includes making sure their data is safe and secure.”
Walgreens said, “We regularly evaluate our technology solutions to provide safe, secure and accessible digital services to our customers and patients, and we regularly review and incorporate additional security enhancements when necessary. “