July 15, 2024 at 12:40PM
Rite Aid announced a data breach in which a third-party threat actor gained unauthorized access to certain systems. No sensitive personal information was compromised, but customer data related to retail purchases was accessed. RansomHub gang claims responsibility and has threatened to leak stolen data if a ransom is not paid within two weeks.
From the meeting notes, it is clear that Rite Aid recently experienced a data breach involving unauthorized access to certain company systems by a third-party threat actor who impersonated a company employee. Although Rite Aid has found that sensitive information such as Social Security numbers, financial information, and patient information was not affected, personal data related to retail product purchases, including names, addresses, dates of birth, and driver’s licenses or government IDs, was compromised.
The threat actors responsible for the breach are claimed to be the RansomHub gang, who obtained over 10GB of customer information, equating to around 45 million lines of people’s personal information. Rite Aid has reportedly halted negotiations with the ransomware group and the group has threatened to leak more information if their demands are not met within a two-week deadline.