Walgreens

Walgreens’ Covid-19 test registration system exposed patient data of millions of people who got Covid-19 tests through Walgreens.

The personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect.

However, Walgreens added an authentication screen to its Covid-19 test confirmation pages and made it mandatory for anyone who wants to access the test confirmation pages to enter the patient’s date of birth first.

Source: https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability

"id": "WAL221827123",
"linkid": "walgreens",
"type": "Data Leak",
"date": "09/2021",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"