U.S. mail-order pharmacy provider Truepill, also known as Postmeds, had data from more than 2.36 million individuals compromised following a breach of its systems in late August, BleepingComputer reports.
Attackers who infiltrated Truepill's network on Aug. 30 were able to access individuals' full names, demographic details, medication types, and the names of their prescribing physicians, but not their Social Security numbers, according to the breach notification letter sent by the firm.
Such a breach has already prompted various class action lawsuits accusing Postmeds of having lax security measures that resulted in the breach.
Aside from alleging Postmeds' failure to ensure the encryption of sensitive health data within its servers, the lawsuits also emphasized the company's delayed notification of the incident, with some of the affected individuals reporting suspicious Venmo account activity prior to the confirmation of the attack.
Postmed has also been accused of providing incomplete information regarding the compromised data, which one lawsuit says also includes birthdates, addresses, and health insurance details, as well as diagnosis and medical treatment information.
