CVS Charged With Exposing Customers To ID Theft - InformationWeek
IoT
IoT
News
News
4/19/2007
01:44 PM
50%
50%

CVS Charged With Exposing Customers To ID Theft

The pharmacy allegedly dumped documents containing critical customer information in a dumpster behind a Texas store.

The Texas Attorney General took legal action against CVS Pharmacy on Tuesday for allegedly exposing its customers to identity theft.

Investigators with the Office of the Attorney General said they discovered that a CVS store in Liberty, Texas, exposed hundreds of its customers to identity theft by dumping a mass of customer records in a dumpster behind the store. Investigators also said they found several medical prescription forms that included each customer's name, address, date of birth, issuing physician, and the types of medication prescribed.

The documents, according to an advisory, also contained hundreds of active debit and credit card numbers, complete with expiration dates.

It's still unclear if any of the information has been used in identity theft scams.

According to court documents filed by Attorney General Greg Abbott, CVS violated a 2005 law requiring businesses to protect any customer records that contain sensitive customer information, including credit and debit card numbers.

"Identity theft is one of the fastest growing crimes in the United States," said Abbott in a written statement. "Texas law protects sensitive personal information in order to prevent this widespread crime. Texans can rest assured that we will continue aggressively cracking down on vendors who jeopardize the confidentiality of their clients' sensitive information."

CVS is accused of violating the 2005 Identity Theft Enforcement and Protection Act, which requires businesses to protect and properly dispose of documents that include clients' sensitive personal information, according to the advisory. Under the law, the Attorney General's office has the authority to seek penalties of up to $50,000 per violation.

The Attorney General also charged CVS with violating Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients' personal information. The law provides for civil penalties of up to $500 for each abandoned record.

This is the fourth identity theft enforcement action by the Texas Office of the Attorney General in recent weeks. Earlier this month, the Texas attorney general charged RadioShack with violating identity protection laws by dumping thousands of customer records in a garbage bin behind a Texas store.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
News
6 Tech Trends for the Enterprise in 2019
Calvin Hennick, Technology Writer,  11/16/2018
Commentary
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Commentary
How Automation Empowers the CIO to Think Outside the IT Department
Guest Commentary, Guest Commentary,  11/20/2018
Register for InformationWeek Newsletters
Video
Current Issue
Enterprise Software Options: Legacy vs. Cloud
InformationWeek's December Trend Report helps IT leaders rethink their enterprise software systems and consider whether cloud-based options like SaaS may better serve their needs.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll