Canadian online drug dispensary, PlanetDrugsDirect, has been notifying its customers of a security breach. The data breach exposed both financial and personal information.
Who is PlanetDrugsDirect?
PlanetDrugsDirect is a Canadian online government approved dispensary that sells prescription and non-prescription drugs to Canadian, US and international customers. It is an active member of Canadian International Pharmacy Association (CIPA). CIPA is an association of licensed retail pharmacies, which provides information about safe online pharmacy websites.
However, PlanetDrugsDirect is not a pharmacy. On its website PlanetDrugsDirect describes itself as “a prescription referral service that provides you with direct access to low cost prescription drugs”. Although it is not known exactly how many customers the company has, this has been estimated to be around 400,000.
Online Dispensary’s Security Breach
PlanetDrugsDirect have not provided much information as to the circumstances of the security breach. All information that is available on the breach comes from an email breach notification the company sent to its customers.
From the wording of the breach notification it appears the company is not certain on the circumstances of the breach or what exactly has been stolen. However, it states that the breach could have exposed “name, address, email address, phone number, medical information including prescription(s), and payment information”.
PlanetDrugsDirect also collects other personal information, which is not yet known if it has been breached. This includes online customers’ family medical history, drug allergies, name of primary physicians, occupation, employment status, and more. This is all sensitive personal information that is very sought after by malicious actors such as scammers and extortionists. It is also used in phishing attacks.
However, the online company doesn’t believe that username and password information to customer online accounts were breached. Consequently, it is unlikely that online accounts have been compromised and are thus safe from takeover attacks.
Dispensary Warns Clients to Keep an Eye on their Bank Accounts
The customer notification states that the breach is under investigation and that additional information will be provided as soon as possible. “We assure you that we are working diligently to complete the investigation and to rectify the situation,” the notification states.
In the meanwhile, however, PlanetDrugsDirect is advising customers to closely monitor their bank account and credit card activity. Customers have also been advised to notify PlanetDrugsDirect, as well as their bank, if they notice any unusual activity.
PlanetDrugsDirects concludes the email breach notification by stating: “We take the privacy and protection of your data very seriously and we are doing everything we can to ensure that you’re not impacted further by this incident.”