Walgreens Breach Incident Score: Analysis & Impact (WAL1766022901)

In this Rankiteo incident briefing, we review the Walgreens breach identified under incident ID WAL1766022901.

The analysis begins with a detailed overview of Walgreens's information like the linkedin page: https://www.linkedin.com/company/walgreens, the number of followers: 639058, the industry type: Retail Pharmacies and the number of employees: 92003 employees

After the initial compromise, the video explains how Rankiteo's incident engine converts technical details into a normalized incident score. The incident score before the incident was 755 and after the incident was 711 with a difference of -44 which is could be a good indicator of the severity and impact of the incident.

In the next step of the video, we will analyze in more details the incident and the impact it had on Walgreens and their customers.

Walgreens recently reported "Walgreens Credit Card Receipt Data Exposure", a noteworthy cybersecurity incident.

The plaintiff, Marianna Wharry, brought a claim against Walgreens under the Fair and Accurate Credit Transactions Act of 2003, alleging the company violated the law's truncation requirement by including the first six digits and the last four digits of her 16-digit card number...

The disruption is felt across the environment, affecting Point-of-sale (POS) or receipt generation system, and exposing Payment card information (first six and last four digits of 16-digit card number), with nearly At least one records at risk.

Formal response steps have not been shared publicly yet.

Overall, the incident is a reminder of why proactive monitoring and strong governance matter.

Finally, we try to match the incident with the MITRE ATT&CK framework to see if there is any correlation between the incident and the MITRE ATT&CK framework.

The MITRE ATT&CK framework is a knowledge base of techniques and sub-techniques that are used to describe the tactics and procedures of cyber adversaries. It is a powerful tool for understanding the threat landscape and for developing effective defense strategies.

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Trusted Relationship (T1199) with moderate confidence (50%), supported by evidence indicating improper truncation of payment card info via POS/receipt system. Under the Collection tactic, the analysis identified Data from Information Repositories (T1213) with moderate to high confidence (70%), supported by evidence indicating exposure of first six and last four digits of card number on receipt. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with lower confidence (30%), supported by evidence indicating physical receipt containing partial card details handed to customer. Under the Impact tactic, the analysis identified Data Destruction (T1485) with lower confidence (40%), supported by evidence indicating increased risk of identity theft or payment fraud due to exposure and Defacement (T1491) with lower confidence (30%), supported by evidence indicating potential reputational damage due to regulatory violation. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.