On June 19, 2018, the California Office of the Attorney General reported a data breach involving Walgreen Co., which was discovered on April 17, 2018. Unauthorized skimming devices were found at two Walgreens-owned Rite Aid locations in Nashville, TN, potentially affecting customer payment card information. The breach may involve customer credit or debit card numbers, associated PINs, and possibly names, although there are no known reports of fraud as a result of this incident.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-137216
TPRM report: https://scoringcyber.rankiteo.com/company/walgreens
"id": "wal127072425",
"linkid": "walgreens",
"type": "Breach",
"date": "12/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Pharmacy',
'location': 'Nashville, TN',
'name': 'Walgreen Co.',
'type': 'Retail'}],
'attack_vector': 'Skimming Devices',
'data_breach': {'personally_identifiable_information': 'Possibly names',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer credit or debit card '
'numbers',
'Associated PINs',
'Possibly names']},
'date_detected': '2018-04-17',
'date_publicly_disclosed': '2018-06-19',
'description': 'Unauthorized skimming devices were found at two '
'Walgreens-owned Rite Aid locations in Nashville, TN, '
'potentially affecting customer payment card information.',
'impact': {'data_compromised': ['Customer credit or debit card numbers',
'Associated PINs',
'Possibly names'],
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Skimming Devices'},
'motivation': 'Financial Gain',
'references': [{'date_accessed': '2018-06-19',
'source': 'California Office of the Attorney General'}],
'title': 'Walgreen Co. Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Physical Security'}