- In March, a cybersecurity researcher discovered a CVS database including 1 billion data points.
- It contained searches for COVID-19 vaccines and medications, the researcher said on Website Planet.
- Researcher Jeremiah Fowler told Forbes CVS took the data set down within one day of him notifying the firm.
- See more stories on Insider's business page.
A dataset containing 1 billion data points from CVS customers, including searches for medications and COVID-19 vaccines made on CVS.com, was inadvertently posted online.
Cybersecurity researcher Jeremiah Fowler discovered a non-password protected database belonging to CVS Health on March 31. Fowler posted his findings on Website Planet.
The data consisted of searches for medications, COVID-19 vaccines, and other CVS products, Fowler reported. Some searches contained email addresses and "Visitor IDs" that could have matched searches with personal identifying information.
Read more: How DNA-testing startup Helix became one of the nation's leading coronavirus tracking labs
Fowler told Forbes he did not download the full dataset for ethical reasons, as he did not want to collect personal data. The researcher added CVS took down public access to the database within one day of Fowler notifying them.
CVS said in a statement to Forbes "an unnamed third party was responsible for controlling the information."
"The bad part about this finding was just how big it was," Fowler told Forbes in an interview. "In a small sampling of records there were emails from all major email providers."
CVS did not immediately respond to Insider's request for comment.