Consumer mailing lists at the US Walgreen Co. have been stolen by spammers and utilised in a phishing attack. The data breach became clear earlier this week, and on Friday they began to email the affected clients.
Breaking News Update: Mcdonalds attacked by hackers for their email database too
Michael Polzin, Divisional Vice President — Corporate Communications at Walgreens was quoted on MSN as saying “criminals so far have not attempted to imitate Walgreens corporate logo in the phishing e-mail they sent to consumers…The e-mails said they were from another company and asked (users) to update some information”
MSN goes on to quote him as saying “Walgreens would never ask consumers to e-mail personal information like credit card numbers or Social Security numbers” which of course we hope they wouldn’t as they should have already have learned their lesson. In light of the fact that they were guilty of such a breach in March 2009. A data breach in which the personal information of 28,000 retired Kentucky state employees was emailed without encryption and this included Birthdates, Social Security numbers, and health insurance claims numbers.
Full text of the email sent to clients on the 10th of December 2010 (courtesy of Ronald Skelton)Dear Valued Customer, We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you. We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems. As a company, we absolutely believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident. We encourage you to continue to be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens. If you have any questions regarding this issue, please contact us at 1-888-980-0963. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. Sincerely, Walgreens Customer Service Team