Researchers have discovered an exposed online database with over a billion records belonging to American healthcare company CVS Health. The discovery was made by researcher Jeremiah Fowler and the WebsitePlanet research team, happened in March 2021. The database was secured the next day, after CVS was notified and they contacted the (unnamed) third-party vendor in charge of securing the database. It is still unknown whether someone other than the researchers previously found the exposed database and/or exfiltrated the data held within.
Source: https://www.helpnetsecurity.com/2021/06/17/exposed-cvs-database/