Postal Prescription Services Customers Have Their Data Exposed
- By Steven
- Published: Mar 30, 2023
- Last Updated: Mar 30, 2023
Postal Prescription Services (PPS) is an Oregon-based mail-order medication business that sends medication to thousands of customers. It began associating with Kroger recently, and around the time of that merger, it suffered a data leak. The grocery store chain Kroger is spread out over more than 2,800 separate locations, has over 465,000 employees, and serves millions of customers each year. Many PPS customers had some of their data exposed due to a mistake made while the two companies' data was being combined.
How Did the Attack Occur?
“Attack” isn't the right term for this Kroger data incident. Hackers did not intentionally break into a network; instead, data was leaked due to mistakes made when combining PPS data with that of Kroger. When PPS, a mail-order pharmacy in Portland, Oregon, joined forces with Kroger, PPS members were given Kroger accounts using their patient names and email addresses. This information was exposed to the general public for many years. It wasn't secured because mistakes were made when transferring patient data to create those accounts. This is a minor issue overall due to how little information was involved, but it's still worth noting, especially because it impacts so many patients.
What Information Was Viewed or Stolen?
Between July 2014 and January 13, 2023, PPS users had their email addresses and full names exposed on the internet. This information isn't highly invasive, but it is enough to make users vulnerable to phishing attacks and other issues. More than 82,000 customers had their information exposed, and it isn't likely that Kroger or PPS will send out individual letters notifying patients that their information was involved, since no Social Security numbers or financial data was exposed.
How Did Postal Prescription Services Admit to the Breach?
Postal Prescription Services made a statement to the public about the incident, explaining what information was exposed and why the information was made available. An internal error caused this issue to occur for many years, though PPS didn't explain what the error was that led to the problem.
What Will Become of the Stolen Information?
Tens of thousands of people had their names and email addresses stolen from PPS. This information isn't enough for identity theft purposes, but it is enough to launch more convincing phishing attacks. Hackers use any personal information they have access to in phishing campaigns in an effort to trick people into providing more of their information. The added detail makes customers feel like they're dealing with a legitimate company that's asking for information.
What Should Affected Parties Do in the Aftermath of the Breach?
If you believe your PPS information was shared in this data breach, you should be careful to avoid clicking on strange links in your email. You should also avoid sharing personal information through email, and you shouldn't trust unfamiliar organizations or strange email accounts. Never provide passwords through email, and only reset passwords at trustworthy websites. Taking these precautions will help protect you from most phishing attacks and should reduce any risks caused by this basic data breach.