Canadian online pharmacy PlanetDrugsDirect is notifying customers of a data breach that might have potentially compromised their personal and financial details.
In an email obtained by Bleeping Computer, the online drugstore disclosed about a security incident, that may have possibly exposed the customers’ names, addresses, emails, contact numbers, medical information, and payment information.
“PlanetDrugsDirect is committed to the safety and security of your information,” the online pharmacy opened in a notification breach.
“Our investigation to date indicates that your exposed data may include your name, address, e-mail address, phone number, medical information including prescription(s), and payment information,” the email continued.
To date, PlanetDrugsDirect said that their investigation provides no indication of possible password leaks concerning customers’ online accounts. The online drugstore also assured they will be “working diligently” to carry out the investigation and fix the problem.
Launched in 2001, PlanetDrugsDirect operates as a licensed Canadian online government-approved dispensary that sells low prices generic prescription drugs and brand medications to Canadian and U.S. citizens. To date, the business is said to be an active member of the Canadian International Pharmacy Association (CIPA) and has roughly 4,000 customers.
Among the types of information, it typically collects include “name, mailing address, e-mail address, telephone number(s), occupation, employment status, referral source, the name of your primary physician (and his or her contact information), age, height, weight, sex, date of birth, the existence and types of drug allergies, medications requested, family medical history information, your personal medical history information, details of your existing medications, credit card information (including card type and number, expiry date and name of cardholder) and prescription information.”
As mentioned in its site, the Canadian online pharmacy said it uses “current technologies and maintains security standards” to protect customer information from unauthorized access and other forms of information misuse.
To date, as the investigation continues, PlanetDrugsDirect promised to provide customers with additional details, as well as the additional steps they will be taking, “as reasonably as possible.”
“In the interim, please ensure that you carefully monitor your credit card and bank activity. Please notify us as well as your credit card company or bank in the event there is any unusual activity,” the email advice.
“We take the privacy and protection of your data very seriously and we are doing everything we can to ensure that you’re not impacted further by this incident,” it concludes.