According to researchers, due to a misconfigured Google Cloud storage bucket, hundreds of medical patients taking cancer drugs including Aromasin, Ibrance, and others are now vulnerable to phishing attacks as well as malware and identity fraud. The company hosting the leaked information, pharmaceutical giant Pfizer, left the Google Cloud storage bucket open for a number of months. The data held in the bucket includes phone call transcripts, personally identifiable information (PII), and prescription information.

The victims of the data leak were people using pharmaceuticals including Chantix, Viagra, Premarin, Aromasin, and Ibrance. Although security researchers first believed that the users of just one of the medications were exposed, it soon found that all of the files and entries pertaining to brands owned by Pfizer had been left publicly accessible on the internet. The bucket exposed partial details for health and medical status, customer support messages, home addresses, email addresses, phone numbers, and full names.