Walmart, CaptureRx Hit with Class Action Over Feb. 2021 Data Breach Affecting Pharmacy Customers

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action has been filed in the wake of a February 2021 data breach that reportedly exposed the personal information of Walmart pharmacy patients.

According to the suit, defendants Walmart Inc., Wal-Mart Stores East, L.P. and NEC Networks, LLC (which does business as CaptureRx) have failed to protect patients’ sensitive personal information—including their full names, Social Security numbers, dates of birth, home addresses, account numbers, insurance information, medical diagnoses and treatment records, private treatment information, diagnosis codes and “other legally protected information”—from unauthorized access despite having a legal and fiduciary obligation to do so.

The plaintiff, a Mason County, West Virginia resident, says he received a May 5, 2021 notice from NEC Networks that his sensitive medical and personal information had been accessed by unauthorized third parties around February 6, 2021. According to the suit, the breach was a direct result of the defendants’ failure to safeguard patients’ information against “reasonably foreseeable privacy risks.” The lawsuit claims Walmart and CaptureRx not only stored pharmacy customers’ data in a location that “was not reasonably protected, guarded, secured” or was unreasonably accessible, but failed to properly train and supervise employees on data security and failed to adequately monitor and maintain the security of their systems.

As a result of the incident, the financial, insurance and health information of Walmart pharmacy patients and their physician-patient confidential relationship have been compromised, the filing alleges.

The case goes on to claim that the defendants “placed [their] own interests and needs” before those of patients by failing to timely send notice of the breach after it was discovered. Indeed, the plaintiff claims to have not received notice that his information had been improperly accessed until early May 2021, three months after the incident occurred.

Per the case, Walmart’s and CaptureRx’s handling of patient data and response to the security breach have fallen short of “reasonable and best industry practices” and subjected those whose information was compromised to “significant loss, injury and damages.”

The lawsuit, which has been removed from state to federal court in West Virginia, looks to cover anyone whose sensitive information in the defendants’ possession was compromised as a result of a security breach that occurred on or around February 6, 2021.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.