Ransomware victim disclosure
← All victimsWalgreens
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileWalgreens is one of the largest pharmacy-led health and wellbeing companies in the United States, operating thousands of retail drugstore locations nationwide. The company sells prescription and non-prescription drugs, health and wellness products, cosmetics, and groceries, and provides health services including immunizations and patient care clinics. Many locations operate 24/7 to serve customers around the clock.
- Industry
- Pharmaceutical Retail & Health Services
- Address
- 200 Wilmot Road, Deerfield, IL 60015, United States
- Employees
- 100000+
- Founded
- 1901
Attack summary
Severity: high — Walgreens handles highly sensitive regulated data including prescription records, patient PII, and health information at massive scale across millions of customers; ShinyHunters has a credible history of large-scale data exfiltration, and the disclosed status is 'data_published', suggesting actual release. Elevated to high given the pharmaceutical/health services context even though specific data fields are unconfirmed in the post.ShinyHunters claims a data published disclosure against Walgreens, indicating exfiltration of data has occurred and been released; however, the leak post provides no specific details about the nature, volume, or content of the data stolen.
Original description
AI-summarised, not from the leak postWalgreens is an American pharmaceutical retail company, established in 1901. It is one of the largest US drugstore chains, known for selling prescription and non-prescription drugs, health and wellness products, cosmetics, and groceries. It also offers health services like immunization and patient care clinics. Often, Walgreens operates 24/7 to allow customers access to their products and services at any hour.
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

