Wal-Mart Stores (WMT) said on Wednesday that prescription history and other basic information on a few thousand online U.S. pharmacy customers may have been visible to other users during a four-day stretch last month due to a coding mistake.
“We had a software coding error for a 72-hour period from February 15 to 18 that affected a limited group of online pharmacy customers,” said company spokesman Dan Toporek. “We moved quickly to fix the issue once it was discovered.”
During that period two customers who logged in at the same time may have been able to see information on the other, including their name, address, date of birth and prescription history, Toporek said. Users were not able to see social security numbers, or full credit or debit card or health insurance information, he said.
The error happened during the migration of servers and was not a hack, Toporek said. Fewer than 5,000 users were potentially affected, a small percentage of the number of people who logged in during the 72-hour period, he said.
Walmart does not disclose the size of its online pharmacy business, but the retailer ranks as one of the largest drugstores in the United States, with some $19 billion in annual revenue, according to an estimate last year by Evercore ISI.
Walmart is contacting potentially impacted customers directly and is offering them identity protection services, although it does not have “reason to believe the information was inappropriately used by someone else,” Toporek said.