An American drugstore chain Rite Aid has fallen victim to a data breach following a cyberattack operation by the RansomHub ransomware group.
This data breach led to a compromise of sensitive customer information, including names, addresses, DL ID numbers, dates of birth, and Rite Aid rewards numbers. Approximately 10 GB of data, amounting to around 45 million lines of personal information.
In an announcement on the Tor Leak site, the RansomHub ransomware group detailed their unauthorized access to Rite Aid’s network, emphasizing their capture of sensitive customer details. They have also set a ransom deadline of July 26, 2024, threatening to release the stolen data if their demands are not met.
Rite Aid previously acknowledged a “limited cybersecurity incident” in June and assured stakeholders that investigations are nearing completion. Rite Aid has emphasized its commitment to customer data security, noting that the incident has been a top priority
Fortunately, Rite Aid has clarified that the breach does not compromise the social security numbers, health records, or financial information of its customers. Nonetheless, the exposure of personal details remains a significant concern for affected individuals.
In May 2023, the company was one of several organizations targeted in the MOVEit hacking campaign orchestrated by the Cl0p ransomware gang. During that incident, over 24,000 customers’ PII, including insurance and prescription details, were compromised.
As the investigation continues, Rite Aid is working closely with cybersecurity experts to restore systems and ensure operational stability. It has also begun notifying impacted customers about the incident and recommended precautions to safeguard against potential misuse of their personal information
