It seems that Walgreens had an insider breach at their Harford Rd., Baltimore store.
On November 27, they reported to the the Maryland Attorney General’s office that a pharmacy employee had been accessing misusing customers’ credit card numbers. Eight Maryland residents were affected. Walgreens learned of the breach on November 4, terminated the employee, and referred the matter to law enforcement. The employee is being prosecuted.
You can read their notification to the state here (pdf).
Walgreens offered affected customers free credit monitoring services. You can read their notification to customers here (pdf). They gave affected customers some good advice as to how to protect themselves. Their key points (and I’m emphasizing some of the ones we don’t see that often or often enough):
1. Monitor your insurance benefits. Ask your insurer for a listing of benefits paid out under your policy.
2. Check your prescription records. If you suspect you’re a victim of medical ID fraud, get a copy of your records from your pharmacy.
3. Place an initial fraud alert on your credit reports.
4. File a complaint with the Federal Trade Commission (FTC).
5. Contact your Attorney General.
6. Correct inaccurate medical records. If you find errors in your medical files, have them corrected immediately. The federal law lets patients correct medical records created only by the medical provider or insurer that now maintains your information. You may need to contact all of your medical/health providers. If necessary, we will contact your insurance company on your behalf.
7. File a police report.
Good job on the notification, Walgreens!