Texas Attorney General Greg Abbott took legal action Tuesday against CVS/pharmacy for exposing its customers to identity theft. According to court documents filed by the Attorney General, CVS violated a 2005 law requiring businesses to protect any customer records that contain sensitive customer information, including credit and debit card numbers.
Investigators with the Office of the Attorney General (OAG) discovered that a CVS store in Liberty, near Houston, exposed hundreds of its customers to identity theft by failing to properly dispose of records that contained sensitive information. The investigation was launched after reports indicated that bulk customer records were tossed in a dumpster behind the store. Investigators also found several medical prescription forms that included each customer’s name, address, date of birth, issuing physician and the types of medication prescribed. The documents obtained by OAG investigators also contained hundreds of active debit and credit card numbers, complete with expiration dates.