In early April, online pharmacy PillPack detected suspicious activity. An unauthorized user had used customer email addresses and passwords to log into their online accounts. 

PillPack was able to determine that the credentials weren't taken from their site and instead from a third-party. 

The information found included customers’ email address, information related to their PillPack prescriptions, and contact information for their prescribing provider. The unauthorized person logged into 19,032 accounts in total, and 3,614 of those accounts contained prescription information. Social Security numbers and payment card information were not involved.