Drugstore Penalty Leads Breach Roundup

Walgreens Fined for Improper Disposal of Information
Drugstore Penalty Leads Breach Roundup

In this week's breach roundup, the Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, as well as certain confidential patient information. Also, an Arizona man was arrested for purchasing personal information online and then using it to commit financial fraud.

See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys

Walgreens Faces $16.6 Million Penalty

The Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, as well as certain confidential patient information, in dumpsters near their stores.

Among the waste found by investigators were "90 different pieces of evidence" featuring patient records, including prescription receipts and pill bottles containing patient names, dates of birth, drug names, prescription record numbers, and other information, says Karen Doty, San Diego County deputy district attorney and head of the district attorney's environmental protection unit.

Alameda Superior Court ordered Walgreens to pay the monetary penalty as part of a settlement between the retailer and 42 California district attorneys and two city attorneys.

Arrest in Identity Theft Case

A 34-year-old Arizona man was arrested for purchasing personal information online and then using it to prepare tax returns, placing the refund money on prepaid debit cards, according to a local news report.

The Sierra Vista Police Department was contacted by Cochise College, located in Douglas, Arizona, in February when it discovered a flash drive was left in a school computer. An investigation determined that 800 to 900 names and associated personal information were stored on it, the report said.

The information on the flash drive consisted of stolen identities and financial information of individuals from other states.

Detective Colin Festa said the names were illegally obtained by Internet phishing scams, "often via e-mails made to look like legitimate communications from credit card companies and banks," the report said. Osabuohien Odyssey Oronsaye, the man arrested, allegedly purchased the information online for $1.50 per name.

Oronsaye was indicted on December 5 by a federal grand jury in Tucson and charged with false claims, wire fraud, aggravated identity theft and access device fraud, the news report explained.

Helpline Callers' Info Compromised

A breach at a helpline charity in Derry, Northern Ireland, was caused by the collapse of a stack of boxes, according to the Belfast Telegraph.

The helpline is run by Contact NI, an independent counseling service.

Reports said the storage boxes collapsed and opened up an emergency door in Contact's sixth-floor office. Sensitive documents then fell out of the door and were blown around outside.

According to a BBC report, the documents contained caller information, such as first and second names, as well as personal accounts from counseling conversations.

As a result of the breach, Contact NI has introduced new measures, including a paperless system for data management, the Belfast Telegraph reported.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.