The personal information of an undisclosed number of CVS customers at a branch in Calera, Ala., is at risk after a laptop was stolen from one of its vendors, according to AL.com.
The computer was password-protected, but the vendor – which has not been named – did not encrypt the patient data, which included patient names, addresses, telephone numbers, prescription names, numbers and dispensing dates. This failure is a violation of the vendor's obligations to CVS, according to a statement from CVS.
No financial information was stored on the laptop and only customer details from the Calera location was on the laptop, which was stolen on March 16 and reported to the police.
CVS is notifying affected customers and offered a phone number for more information.
