Drugstore chain Walgreen Co on Friday warned customers they may have received unauthorized emails seeking personal data after a breach of one of the company's customer lists.
The company said in an email to customers that it recently became aware of the unauthorized access to an email list of customers who receive special offers and newsletters. It said those customers may have then received some spam email messages directing them to another website and seeking personal data.
The important thing to note is only email addresses were obtained, so things like customer passwords, account information, prescription information, any other personally identifiable information was not at risk because that data was not contained in the email system, Walgreen spokesman Michael Polzin said.
He said no access was gained to the company's consumer data systems, but Walgreen was in the process of contacting the customers affected to alert them.
Polzin said the incident took place over the last week, but declined to say how many email addresses had been obtained. He also would not discuss the nature of the attack that resulted in the unauthorized access.
Walgreen, which said it never asks in emails for such personal data as credit cards or social security numbers, said it has contacted federal investigators regarding the incident.
(Reporting by Ben Klayman in Detroit, editing by Dave Zimmerman)