Walgreens Faces Legal Action Over Credit Card Receipt Data Exposure A recent lawsuit alleges that Walgreens violated the Fair and Accurate Credit Transactions Act (FACTA) of 2003 by improperly printing payment card details on a customer’s receipt. The plaintiff claims the drugstore chain failed to comply with the law’s truncation requirement, which mandates that receipts display only the last five digits of a card number to protect consumer data. Instead, the receipt in question reportedly included the first six and last four digits of the 16-digit card number, potentially exposing sensitive financial information. FACTA was enacted to prevent identity theft by limiting the disclosure of full card numbers on printed receipts. The case highlights ongoing concerns about retailer compliance with data protection laws, particularly in point-of-sale systems. If proven, the violation could result in penalties under FACTA, which allows for statutory damages in such cases. The outcome may set a precedent for how businesses handle payment receipts moving forward.

Walgreens’ Covid-19 test registration system exposed patient data of millions of people who got Covid-19 tests through Walgreens. The personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. However, Walgreens added an authentication screen to its Covid-19 test confirmation pages and made it mandatory for anyone who wants to access the test confirmation pages to enter the patient’s date of birth first.

The California Office of the Attorney General reported that Walgreen Co. experienced a data breach between May 26 and June 5, 2020, involving unauthorized entries into multiple Walgreens stores impacting customer health-related information. Specific details on the number of affected individuals are unknown, but compromised information may include names, addresses, phone numbers, date of birth, medication details, and other health-related data.

The California Office of the Attorney General reported that Walgreen Co. experienced a data breach on January 15, 2020, which allowed unauthorized viewing of personal messages within the Walgreens mobile app. The breach affected messages containing limited health-related information of customers and involved a potential exposure of customer names, prescription numbers, and addresses. The notification was reported on February 28, 2020.

On June 19, 2018, the California Office of the Attorney General reported a data breach involving Walgreen Co., which was discovered on April 17, 2018. Unauthorized skimming devices were found at two Walgreens-owned Rite Aid locations in Nashville, TN, potentially affecting customer payment card information. The breach may involve customer credit or debit card numbers, associated PINs, and possibly names, although there are no known reports of fraud as a result of this incident.