Online Pharmacy PlanetDrugsDirect Discloses Security Breach

Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information.

PlanetDrugsDirect (also known as Planet Drugs Direct) is an active Canadian International Pharmacy Association (CIPA) member, and association of licensed, retail pharmacies that sell medication to Canadian and U.S. citizens, and more

PlanetDrugsDirect describes itself as an "online prescription referral service which provides our customers with direct access to affordable prescription and non-prescription medications" with roughly 400,000 customers.

Online pharmacy security breach

The Canadian online prescription referral service informed a yet unknown number of customers via email of a recent data security incident that may have impacted some of their data.

"Our investigation to date indicates that your exposed data may include your name, address, e-mail address, phone number, medical information including prescription(s), and payment information," PlanetDrugsDirect says in the breach notification.

"At this moment, there is no evidence to suggest passwords for online account access has been compromised," the online pharmacy adds.

PlanetDrugsDirect also states that the incident is currently under investigation and that additional details will be provided as soon as possible.

"We assure you that we are working diligently to complete the investigation and to rectify the situation," the alert also says.

PlanetDrugsDirect's site says that the online pharmacy collects several types of personal, financial, and medical information "necessary for providing service and arranging to fill your orders through our contracted pharmacies and government approved dispensaries."

The collected information usually includes the following: "name, mailing address, e-mail address, telephone number(s), occupation, employment status, referral source, the name of your primary physician (and his or her contact information), age, height, weight, sex, date of birth, the existence and types of drug allergies, medications requested, family medical history information, your personal medical history information, details of your existing medications, credit card information (including card type and number, expiry date and name of card holder) and prescription information."

Clients warned to track bank account and credit card activity

Customers are also advised in PlanetDrugsDirect's security incident notification to keep a close eye on their bank account and credit card activity.

In the event of any unusual activity, customers should immediately notify their bank and credit card company, as well as PlanetDrugsDirect's staff.

Clients can contact the company at 1-888-791-3784 or via e-mail at info@planetdrugsdirect.com.

"We take the privacy and protection of your data very seriously and we are doing everything we can to ensure that you're not impacted further by this incident," PlanetDrugsDirect concludes.

BleepingComputer confirmed the security incident after calling PlanetDrugsDirect's call center to ask for more details. The company's representative was unable to provide additional info other than customers being notified by email of the incident.

We have also reached out via email asking for more details regarding the reported security breach incident but did not hear back at the time of publication.