DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Walmart vendor error exposed limited patient information

Posted on June 16, 2016 by Dissent

Walmart, who reported a breach involving pharmacy records in March, has disclosed another breach to HHS. This one, reported June 8, reportedly affected 27,393 patients. Thankfully, it does not seem to have exposed particularly sensitive information.

DataBreaches.net asked Walmart for a statement describing the incident, and received the following statement:

Recently, we learned that the company that processes our patient refund checks experienced a printing error.

This error caused incorrect information to be printed on the letters that accompanied the refund checks sent to customers. As a result, the mailing a customer received may have included another individual’s information, limited to: (1) name, (2) a pharmacy prescription number or an optical order number, (3) the order date, and (4) a refund amount. The city and state of the Walmart or Sam’s Club visited also was included. It should be noted that no Social Security numbers, driver’s license numbers, financial information, insurance information, addresses, telephone numbers, date-of-birth, or prescription names were disclosed and no electronic information of any kind was affected.

These letters are dated May 13, 2016 and were sent on May 15, 2016. We were informed of the printing error on May 20, 2016 and immediately began looking in to the matter with the company that handled these mailings. We are also reviewing policies and procedures with them to prevent this error from occurring again. Although we do not anticipate any harm to patients and have no indication the information was misused, out of an abundance of caution, we have notified any customers who may have been affected.

While we do not take this lightly, it is important to note that the information that was disclosed is highly unlikely to lead to any fraudulent activity by those who received the letter.

The checks customers received are legitimate and correct. It is a refund they are entitled to receive and should feel assured to cash and utilize it. We will be following up with patients who do not cash their checks to help ensure that all refunds are effectively received. If customers would like to contact us to confirm or replace the check, they should call 1-866-788-5580.

We place great value in our customers’ trust and take this matter very seriously.  We are fully committed to protecting the privacy and security of our customers’ personal information.

 

Related posts:

  • IRS’s Top 10 Identity Theft Prosecutions
  • Ringleader of $24 Million Stolen Identity Tax Refund Fraud Ring Sentenced to 15 Years in Prison
  • Walmart: Notice of Data Security Incident
Category: ExposureHealth DataPaperSubcontractorU.S.

Post navigation

← Update on Chicago employees’ retirement account breach
IE: Police officer cleared of leaking personal details used in virtual reality dispute →

2 thoughts on “Walmart vendor error exposed limited patient information”

  1. Harry Van Court says:
    June 17, 2016 at 10:26 am

    So was the error at the printing company or in the data files provided to the vendor? In such situations either is real possibility, but is very easy to blame an unnamed vendor. The company will not likely let us know, but knowing that the company is truly trying to identify the failure point would be great.

    I truly appreciate the information you provide on this site and I reference it (and your site) to folks in the security, audit, and privacy area here. Thank for the time an effort you make on this site.

    1. Dissent says:
      June 17, 2016 at 12:49 pm

      As you note, it could be either, but this one reads like it was the vendor’s error because they reviewed the vendor’s policies and procedures and not their own. 🙂

      And thank you so much for the kind words about this site.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.