Walgreen Data Breach Exposed PII and PHI Class Action

As the second-largest US pharmacy chain, Walgreens Company possesses a large amount of private information on its customers. But the complaint for this class action alleges that Walgreen does not take proper measures to keep this information secure, resulting in a 2019 data breach of its systems.

The class for this action is all persons whose PII and PHI were compromised in the Data Breach announced by Walgreen on or about December 3, 2019.

Walgreens specializes in fulfilling prescriptions, selling health and wellness products, and supplying photo services. As of mid-2019, it had more than 9,000 stores in fifty states.

In September 2019, Walgreens discovered abnormal activity in some customer accounts: supposedly valid log-in information was being used to gain access to the personally identifiable information (PII) and protected health information (PHI) of customers. The information included drug classifications from prescription records (such as beta blockers or antihypertensives), suggestions relating to health conditions (such as asthma COPD, or migraines), names, dates of birth, and rewards card and AARP information.

Walgreens discovered the data breach on September 26, 2019 and had identified affected customers by October 5. However, it did not give notice of the data breach until December 3.

The complaint claims, “This Data Breach was the direct result of [Walgreen’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect customer PII and PHI.”

It alleges that the company ignored the rights of customers “by intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions; failing to disclose that it did not have adequately robust computer systems and security practices to safeguard patient PII and PHI; failing to take standard and reasonably available steps to prevent the Data Breach; and failing to provide … prompt and accurate notice of the Data Breach.”

Data breaches naturally lead to incidents of identity theft. The complaint says, “In 2018, the healthcare sector reported the second largest number of breaches among all measured sectors and the highest rate of exposure per breach. … A report focusing on health-care breaches found that the ‘average total cost to resolve an identity theft-related incident … came to about $20,000.’ And that the victims were often forced to pay out-of-pocket costs for health care they did not receive in order to restore coverage.”

The complaint contends that Walgreen should have known about the dangers to the data it holds.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Walgreen Data Breach Exposed PII and PHI Complaint

April 20, 2020

As the second-largest US pharmacy chain, Walgreens Company possesses a large amount of private information on its customers. But the complaint for this class action alleges that Walgreen does not take proper measures to keep this information secure, resulting in a 2019 data breach of its systems.

Walgreen Data Breach Exposed PII and PHI Complaint

Case Event History

Walgreen Data Breach Exposed PII and PHI Complaint

April 20, 2020

As the second-largest US pharmacy chain, Walgreens Company possesses a large amount of private information on its customers. But the complaint for this class action alleges that Walgreen does not take proper measures to keep this information secure, resulting in a 2019 data breach of its systems.

Walgreen Data Breach Exposed PII and PHI Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy