Rite Aid hit by major data breach, customer information compromised

Rite Aid Corporation, a leading American drugstore chain headquartered in Philadelphia, has disclosed a significant data breach following a cyberattack by the RansomHub ransomware group. The breach has exposed sensitive customer information, including names, addresses, driver’s license ID numbers, dates of birth, and Rite Aid rewards numbers. The cybercriminals claim to have exfiltrated approximately 10 GB of data, comprising around 45 million lines of personal information.

Rite Aid, which operates over 2,000 stores across the United States and ranks No. 148 in the Fortune 500 as of 2022, reported that the cyberattack was initiated in June. This incident underscores the vulnerability of large corporations to advanced cyber threats despite extensive cybersecurity measures.

The RansomHub ransomware group announced the breach on the Tor Leak site, detailing their unauthorized access to Rite Aid’s network and emphasizing their capture of sensitive customer details. They have set a ransom deadline of July 26, 2024, threatening to release the stolen data if their demands are unmet.

The media contacted Rite Aid for more information, but the company has not responded officially. Previously, Rite Aid acknowledged a “limited cybersecurity incident” in June and assured stakeholders that investigations were nearing completion. Rite Aid emphasized its commitment to customer data security and noted that addressing the incident has been a top priority.

Fortunately, Rite Aid clarified that the breach did not compromise social security numbers, health records, or financial information. However, the exposure of personal details remains a significant concern for affected individuals.

This is not the first time Rite Aid has faced cybersecurity challenges. In May 2023, the company was targeted in the MOVEit hacking campaign orchestrated by the Cl0p ransomware gang, which compromised the personally identifiable information of over 24,000 customers, including insurance and prescription details.