A security breach, involving the improper disposal of a device used to capture customers’ signatures, has been encountered by ShopRite Supermarkets, Inc.
The device in question was used at the ShopRite, Kingston, NY location between 2005 and 2015 and stored personal and medical data. Customers who attended the pharmacy and had prescriptions supplied between 2005 and 2015 have potentially been impacted by the exposure. For those customers, the device stored data such as names, phone numbers, prescription details, dates and times of pickup or delivery, zip codes, medication names, and customers’ signatures.
The device in question was also used for customers who bought an over-the-counter product that contained pseudoephedrine. Those customers have had their driver’s license number, zip code, details of the specific product purchased, and personal and medical data exposed.
In the substitute breach notice made public on the Wakefern Food Corp., website, it stated that the device in question was disposed of by accident in February 2016, although ShopRite only confirmed that a data security incident had happened on October 13, 2017.
ShopRight has not received any official reports to make anyone feel that information on the device has been accessed or misused in any way, although customers have been advised to keep a close eye on their Explanation of Benefits statements from their insurers for any suggestion of fraudulent use of their data. Customers have also been advised to keep a close eye on their financial accounts for any suggestion of fraud, although ShopRite does remark that their Social Security numbers and financial data were not accessible at any point in time.
ShopRite has moved to address the incident by reviewing its security policies in relation to devices that store personal data and the removal and secure removal of data from those devices before disposal. Privacy and security training sessions have also been provided to all pharmacy employees to help stop further security breaches of this manner.
All ShopRite customers impacted by the security breach have now been made aware by mail. The breach report sent to the Department of Health and Human Services’ Office for Civil Rights states that 12,172 individuals have been affected by the breach.