Website Notice of Unauthorized Access to PillPack Accounts

As part of our commitment to our customers' privacy and security, we are posting information about unauthorized logins we detected on some PillPack.com customer accounts and the steps we took to protect our customers.

What happened?

On April 3, 2023, as part of our ongoing security monitoring to help protect customer accounts, we identified suspicious attempts to log in to some customer accounts on PillPack.com. We immediately launched an investigation and determined that between April 2 and April 6, 2023, an unauthorized person used customers’ e-mail addresses and passwords to log in to their PillPack.com accounts. Our investigation confirmed that no e-mail addresses or passwords were taken from PillPack, and our systems are secure. Instead, it’s most likely that the unauthorized person was able to log in to the PillPack accounts because customers used the same e-mail and password for another website where they got the information.

What data was involved?

The information included customers’ email address, information related to their PillPack prescriptions, and contact information for their prescribing provider. The unauthorized person logged into 19,032 accounts in total, and 3,614 of those accounts contained prescription information. Social Security numbers and payment card information were not involved.

What we are doing:

When we learned about this, we quickly reset all account passwords to prevent unauthorized access and protect customer accounts. We have enabled multi-factor authentication on all accounts, which adds an additional layer of protection. More information about how this additional protection works can be found at www.pillpack.com/security.

If you believe you are affected and do not receive a letter by July 2, 2023, please contact us at 855-745-5725 or privacy@pillpack.com. As always, customers can verify the authenticity of any communications from PillPack by contacting us at the email and phone number above.