Importantly, this incident does not include medical records, prescription information, Social Security numbers, driver’s license numbers, passport numbers, government identification numbers, or other sensitive information about Pharmaca’s customers.
Customers needing more information can call the firm’s dedicated information line at 866-904-6220 from 6am to 6pm PST, Monday through Friday, and 8am to 5pm PST Saturday through Sunday.
Gemini Advisory informs DataBreaches.net that they had independently confirmed the Pharmaca breach through the identification of sold compromised payment card data being sold by one dark web vendor. The compromised data was posted for sale between October and December of 2018, they say.
Of note, Gemini’s analysis of the compromised payment card data indicated that 13 of 29 Pharmaca locations were breached in five US states: Washington state, Oregon, California, Colorado, and New Mexico. Their research also suggested that as many as 150,000 payment cards may be associated with this breach, with the following data types involved: card number, expiration date, and occasionally the cardholder’s name.
At this time, Gemini Advisory has turned over all of its findings to US federal law enforcement for further analysis.
Pharmaca’s notification to California appears below.
Pharmaca - Regulator Notice - CA - FINAL_0 (notice)_0