Rite Aid reveals data breach impacted 2.2 million customers

Free identity theft monitoring services offered by Rite Aid

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Therecent ransomware attack on Rite Aidaffected 2.2 million people overall, the company has confirmed in a filing with the Office of the Maine Attorney General.

The company also provided a copy of the breach notification letter it is sending out to those affected, in which it noted the breach occurred on June 6, and was spotted 12 hours later.

In that time, the threat actors managed to grab “certain data associated with the purchase or attempted purchase of specific retail products,” including “purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018.”

Sensitive data stolen

Following the breach, Rite Aid initially issued a statement, saying it suffered aransomwareattack which resulted in data theft, but did not say how many people were affected by the incident, nor what type of information the attackers stole.

“Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation,” it said at the time. “We take our obligation to safeguard personal information very seriously, and this incident has been a top priority.” “Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational.”

Now, the filing with the regulators confirmed more than two million affected individuals, including more than 30,000 Maine residents. Rite Aid also confirmed that the attackers did not steal Social Security Numbers (SSN), financial information, or patient information.

The company said it is currently implementing “additional security measures” to make sure these attacks don’t repeat in the future, without explaining what those measures are. Additionally, the affected individuals are getting free credit monitoring, fraud consultation, andidentity theftrestoration services through Kroll.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics