Online Pharmacy Truepill’s Data Breach Impacts Over 2 Million Individuals

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Postmeds, operating as Truepill, revealed that unauthorized actors had breached its system and accessed personal information of more than 2.3 million people.

Truepill, an online business-to-business (B2B) pharmacy provider, uses APIs to make pharmacy product deliveries from businesses to consumers (B2C) across all 50 states in the US.

In a public as well as individual email notification , the organization informed recipients about the cybersecurity incident, wherein unknown hackers accessed its internal network between August 30, and September 1, 2023. ‘’On August 31, 2023, we discovered that a bad actor gained access to a subset of files used for pharmacy management and fulfillment services,’’ the notification revealed.

The compromised information includes patients name, types of medication, demographic data (in some instances), and name of prescribing physician. Although the Social Security numbers were not a part of this breach, the exposed data leaves the impacted customers vulnerable to phishing and other types of social engineering attacks.

According to the data published on the US Department of Health and Human Services Office for Civil Rights’ portal, 2,364,359 individuals have been impacted by this breach . However, Truepill in its notification, did not disclose any details about the attack, number of impacted customers, nor type of information breached. Some of the impacted individuals express confusion on social media sites , claiming that they had never availed Truepill’s services.

The security data breach as well as delay in customer notification has resulted in legal ramifications for Truepill (Postmeds). In the past few days, several class action lawsuits have been filed against the organization , citing that it had not adhered to the requisite industrial guidelines for securing customer information. Moreover, insufficient disclosure and delayed notification have also been argued as reasons behind the lawsuit.

Mr. Cooper Cybersecurity Incident Exposes Customer Data

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Mr. Cooper Group, one of the largest mortgage service providers in the US, revealed a security incident that is said to have compromised personal data of some of its customers.

The October 31 cyberattack not only allowed unauthorized actors gain access to the firm’s network, but also led to a disruption of services, particularly processing of customer payments.

In a public notice, the Texas-headquartered firm stated that upon discovery, an investigation was immediately launched to determine the nature and impact of the attack. Although the details remain unconfirmed, Mr. Cooper said that it will continue ‘’to investigate precisely what information was exposed,’’ and offer free credit monitoring services to impacted customers.

It also advised customers to monitor their bank accounts and credit reports and urged them to notify any suspicious or unauthorized activity immediately to the concerned bank.

As a precautionary measure, customers were advised to set up ‘fraud alert’ on their files with the credit bureaus for additional protection.

‘’You can also contact the three major credit bureaus to place a “fraud alert” on your file at no cost, which alerts creditors to contact you before they open a new credit account under your Social Security number. Additionally, you should update your passwords frequently and with increasing complexity and be mindful to not use the same password across multiple personal accounts,’’ the notification advised .

The mortgage provider assured customers that the attack would not result in any penalties or late fee payment charges.‘’As long as your November payment is received by the end of the month, you will not incur any fees, penalties or negative credit reporting related to late payments as we work to fix this issue.’’

Formerly Nationstar Mortgage LLC, the home loan service provider claims to have 4.3 million customers in the US, and is said to manage mortgages worth $937 billion by the end of Q3, 2023.