CVS accidentally exposed a database containing 1 billion data points, including searches for medications and COVID-19 vaccines

·2 min read
cvs pandemic customers store
A cybersecurity researcher discovered a CVS database containing 1 billion data points, including searches for COVID-19 vaccines and medications. Johnny Louis/Getty Images
  • In March, a cybersecurity researcher discovered a CVS database including 1 billion data points.

  • It contained searches for COVID-19 vaccines and medications, the researcher said on Website Planet.

  • Researcher Jeremiah Fowler told Forbes CVS took the data set down within one day of him notifying the firm.

  • See more stories on Insider's business page.

A dataset containing 1 billion data points from CVS customers, including searches for medications and COVID-19 vaccines made on CVS.com, was inadvertently posted online.

Cybersecurity researcher Jeremiah Fowler discovered a non-password protected database belonging to CVS Health on March 31. Fowler posted his findings on Website Planet.

The data consisted of searches for medications, COVID-19 vaccines, and other CVS products, Fowler reported. Some searches contained email addresses and "Visitor IDs" that could have matched searches with personal identifying information.

Read more: How DNA-testing startup Helix became one of the nation's leading coronavirus tracking labs

Fowler told Forbes he did not download the full dataset for ethical reasons, as he did not want to collect personal data. The researcher added CVS took down public access to the database within one day of Fowler notifying them.

"The bad part about this finding was just how big it was," Fowler told Forbes in an interview. "In a small sampling of records there were emails from all major email providers."

CVS told Insider the firm determined the database, which was hosted by a third-party vendor, did not contain personal information of customers, members or patients. The firm worked with the vendor to quickly take down the database.

"We've addressed the issue with the vendor to prevent a recurrence and we thank the researcher who notified us about this matter," a CVS spokesperson said in a statement.

Read the original article on Business Insider

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting