Ravkoo Breached ! PII Stolen
An US Internet-based pharmacy service Ravkoo, has disclosed a data breach after the AWS hosted cloud prescription portal was involved in a security incident that may have led to leak of PII and other information.
Ravkoo uses AWS for hosting its prescription portal. On September 27, 2021, Ravkoo detected that this portal was under an attack, it said in data breach notification sent to 105,000 affected customers on January 3. An unauthorized third party attempted to infiltrate the portal. On October 27, 2021, Ravkoo’s responsive forensic investigation revealed that certain prescription and health information could have been compromised.
The company also said that it found no evidence that customers’ Social Security Numbers were accessed during the incident, adding that it does not store SSN data on the affected prescription portal.
Ravkoo is yet to find any evidence that any of the information exposed in the incident has been misused since it hasn’t received reports of identity theft linked to this data breach since September 27, the date of the incident.
Affected individuals are also provided with one year of free online identity monitoring service from Kroll Information Assurance to allow them to resolve identity theft issues linked to this data breach.
The alleged hacker claimed to have been able to gain access to Ravkoo’s systems using a hidden admin panel any user could have used to view all data and provided records of 340,000 prescriptions that Ravkoo has filled between November 3, 2020, and September 11, 2021 amounting to an estimated $8.5 million in drug costs.