If you had a COVID test at a Walgreens, you may want to get identity theft protection.
The pharmacy chain’s COVID test registration system exposed data of potentially millions of people, including their date of birth, phone numbers, addresses, gender identity, and email addresses.
Alejandro Ruiz, a consultant with Interstitial Technology PBC, discovered the issues in March after a family member got a Covid-19 test. He told Walgreens and they didn’t respond. “Recode” verified the issue with other experts and then shared the information with the pharmacy chain.
“Recode” gave Walgreens time to fix the problem before publishing the story, but they haven’t. Instead they issued a statement saying “We regularly review and incorporate additional security enhancements when deemed either necessary or appropriate.”
The issue is the confirmation page. Not only is it easy to hack into, but there are ad trackers on it, which give companies like Google, Wish, Quibi, Jet Blue and more, access to the medical information of those taking the COVID tests.