Rite Aid investigating June security breach
Rite Aid Corp. has acknowledged that an unauthorized intruder gained access to some of its corporate systems in June 2024.
"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a public statement. "We detected the incident within 12 hours and immediately launched an investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted. We also reported the incident to law enforcement, as well as federal and state regulators."
According to Rite Aid, on June 17, 2024, the unidentified intruder acquired customer data associated with the purchase or attempted purchase of specific products, including name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018.
[READ MORE: Fraud rises in 2023 for businesses, consumers alike]
Rite Aid said no social security numbers, financial information or patient information were exposed in the breach. The company will mail letters to consumers who may have had information exposed.
"We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future," Rite Aid said. "We take our obligation to safeguard personal information very seriously and are alerting affected consumers about this incident."
Report: Ransomware group behind Rite Aid intrusion
The RansomHub ransomware gang may be behind the cyberattack, according to Bleeping Computer. In a report, Bleeping Computer said it communicated with the RansomHub criminal organization, which claimed it stole 10 GB of customer information including name, address, driver’s license number, date of birth, and Rite Aid rewards number.
Rite Aid told Bleeping Computer it has restored all systems impacted in the breach.
As of Feb. 29, Rite Aid operated 1,704 stores across the United States, according to its website. Rite Aid also operates its wholly owned subsidiaries Health Dialog, which provides healthcare coaching and disease management services via live online and phone health services, and Bartell Drugs, which operates stores in the Seattle area.
