Data Loss Source: Employees at a CVS store in Liberty, Texas, tossed hundreds of customer records into a dumpster behind the storefront. Such action on CVS’s part violates the 2005 Identity Theft Enforcement and Protection Act, a Texas state law that requires businesses to protect customer records that contain sensitive information. In addition, CVS is charged with violating Chapter 35 of Texas’ Business and Commerce Code that requires businesses to practice appropriate retention and disposal procedures for personal information they store about their customers.
Date of Loss: April 7, 2007
Size of Loss: Thousands of customer records
Affected Individuals: Customers of CVS Pharmacy
Geographic Focus: Liberty, TX
Data contained: The documents included customers’ names, addresses, Social Security numbers, credit card numbers, prescriptions and doctors. Many of the credit and debit card numbers were still active when found, as expiration dates were included in the information.
Additional Notes: While CVS’s actions won’t likely end up exposing as many customers’ to the risk of identity theft as other recent breaches , the Attorney General’s office is warning customers of that CVS location to monitor their finances for suspicious activity.
Additional Information: PC World Magazine

Popularity: 3% [?]