Cyber Incident Victim: Pharmaca
Date: Oct 2018
Location: United States of America
Summary
Pharmaca experienced a payment card breach impacting its physical retail stores, with compromised data including card numbers, expiration dates, and occasionally cardholder names. The incident did not involve medical records, Social Security numbers, or other sensitive personal information. Analysis by a cybersecurity firm revealed that 13 of 29 store locations across five U.S. states were affected, and approximately 150,000 payment cards were linked to the breach. The stolen card data was identified on a dark web marketplace during a three-month period. Findings were referred to federal law enforcement for investigation, and customers were directed to contact a dedicated support line for additional details.
Description
Pharmaca experienced a payment card breach impacting its physical retail locations, first identified through external analysis of dark web activity. Between October and December 2018, compromised payment card data from Pharmaca customers appeared for sale on underground markets. Cybersecurity firm Gemini Advisory independently confirmed the breach by tracing the stolen card data to Pharmaca’s point-of-sale systems, subsequently alerting federal law enforcement. The breach affected only brick-and-mortar stores, at 13 of Pharmaca’s 29 locations across five western U.S. states: Washington, Oregon, California, Colorado, and New Mexico. Exfiltrated data included payment card numbers, expiration dates, and, in some instances, cardholder names. No medical records, prescription details, Social Security numbers, driver’s license information, or government-issued identification numbers were compromised. Gemini’s analysis estimated approximately 150,000 payment cards were exposed in the incident.

Pharmaca initiated customer notifications following Gemini’s findings, disclosing the breach’s limited scope to payment card data. The company established a dedicated call center (866-904-6220) operating daily with extended weekday hours to address customer inquiries. Gemini Advisory provided all investigative data to U.S. federal authorities for further forensic examination and potential criminal investigation. The breach timeline suggests attackers infiltrated point-of-sale systems during the final quarter of 2018, though Pharmaca’s public disclosure occurred months later in February 2019. No operational disruptions or additional data compromise beyond the initially identified card details were reported.
