BreachExchange mailing list archives
Hackers steal Walgreens e-mail list, attack consumers
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 11 Dec 2010 12:54:37 -0500
http://technolog.msnbc.msn.com/_news/2010/12/10/5624759-hackers-steal-walgreens-e-mail-list-attack-consumers Pharmacy giant Walgreens had to swallow some bitter medicine on Friday when it told customers that a computer criminal had stolen its e-mail marketing list. The criminal used the list to send out realistic-looking spam that asked recipients to enter their personal information into a Web page controlled by hackers. "We are sorry this has taken place and for any inconvenience to you," the e-mail said. No prescription information or other health information was stolen, the company said — the criminal only managed to pilfer customer e-mail addresses. But even customers who had opted out of receiving marketing materials via e-mail from Walgreens had their addresses stolen in the heist. That means the firm stores customers' e-mail addresses even after they ask not to participate in e-mail marketing. "We realize you previously unsubscribed from promotional emails from Walgreens, and that will continue," the e-mail to customers said. Walgreens spokesman Michael Polzin said criminals so far have not attempted to imitate Walgreens corporate logo in the phishing e-mail they sent to consumers. "The e-mails said they were from another company and asked (users) to update some information," he said. Walgreens would never ask consumers to e-mail personal information like credit card numbers or Social Security numbers, he said. The company "became aware" of the heist within the past week, he said. He refused to disclose the number of customers impacted by it. "We are in the process of contacting those customers," he said. "We are not going to get into specifics." Walgreens, which has $60 billion in annual sales, is expanding at an astonishing pace. In November, it added 50 stores to its ranks of 8,000 retail outlets across the country. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Hackers steal Walgreens e-mail list, attack consumers Jake Kouns (Dec 11)