One Billion Consumer Records Compromised in CVS Health Database Leak

June 18, 2021

1 billion CVS Health search records were posted online by mistake in 2021. No authentication was necessary to access these records, which included user email addresses and searches for COVID-19 vaccines. CVS Health has worked to take down the compromised database since becoming aware of the issue.

Cybersecurity researcher Jeremiah Fowler notes, “I saw multiple records that indicated visitors searching for a range of items including medications, COVID-19 vaccines, and other CVS products. Hypothetically, it could have been possible to match the Session ID with what they searched for or added to the shopping cart during that session and then try to identify the customer using the exposed emails.” Read more here.

(Source: Heather Landi, Fierce Healthcare, 6/16/21)

Share This Story!