Amazon's PillPack is notifying consumers that an unauthorized person took customer emails and passwords to log into 19,032 PillPack accounts.
On April 3, PillPack noticed suspicious login attempts on its customer accounts and launched an investigation into the incident. The investigation determined that between April 2 and April 6, an unauthorized party used customer login credentials to log into 19,032 accounts, with 3,614 of those accounts containing prescription information.
Social Security numbers and payment card information were not involved in the breach, according to a data breach notification from Amazon.
Since the breach, the company has since reset all account passwords and enabled multifactor authentication on all consumer accounts.