Truepill pharmacy provider reports data breach, exposes 2.3 million persons
Learn More
Truepill, a pharmacy provider operating as Postmeds, is alerting customers to a data breach that exposed the personal information of over 2.3 million individuals. Truepill, which services direct-to-consumer brands and digital health companies, identified unauthorized network access on August 31, 2023, with the intrusion occurring the previous day.
The compromised data includes customers'
- full names,
- medication types,
- demographic details,
- prescribing physicians' names
The notification's lack of specifics regarding the breach's method and absence of guidance on protecting against identity theft has been met with disapproval
The exposed data does not include Social Security numbers. This breach raises the risk of phishing attacks for affected customers. Some individuals were surprised to receive notifications as they did not recognize Truepill as a company they had interactions with.
The severity of the breach has sparked potential legal actions, with class action lawsuits being prepared citing Postmeds' failure to adhere to industry-standard security measures, such as encrypting sensitive healthcare data. The company's delayed response—taking over two months to notify customers—has also drawn criticism, especially as some individuals reported suspicious activities and the appearance of their personal data on the dark web during this period.
