Wednesday, June 22, 2005

Security Flaw Exposes CVS Purchase Data

Another day, another disclosure of unauthorized access to privacy data.

An AP newswire article by Michelle R. Smith, via Yahoo! News, reports that:

A security hole that allowed easy access to the purchase information of millions of CVS Corp.'s loyalty card customers prompted the company to pull Internet access to the data on Tuesday.

The Woonsocket [Rhode Island]-based drugstore chain, which has issued 50 million of the cards, said it would restore Web-based access to the information after it creates additional security hurdles.

The data security flaw in the ExtraCare card service was exposed Monday by the grassroots group Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN. It said anyone could learn what a customer had purchased with an ExtraCare card by logging on to a company Web site with the card number, the customer's zip code and first three letters of the customer's last name.

Once logged on, a list of recent purchases could be sent to an e-mail account. Information about prescriptions was not provided, and the list of purchases was only available by e-mail.

